VMRay Analyzer Report
| Information | Value |
|---|---|
| ID / OS PID | #1 / 0xcc8 |
| OS Parent PID | 0x7fc (c:\windows\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe |
| Command Line | "C:\Users\WI2yhmtI onvScY7Pe\Desktop\1129c5049ff7842161800d20141de5848888ea44_(B-Ware)_vt.malware.exe" |
| Monitor | Start Time: 00:00:26, Reason: Analysis Target |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:02:09 |
| OS Thread IDs | #1 0xCCC #2 0xCF0 #3 0xCFC |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |  |  | |  |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Private Memory | Readable, Writable | | | | |
| private_0x00000000001c0000 | 0x001c0000 | 0x001fffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000200000 | 0x00200000 | 0x00200fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000210000 | 0x00210000 | 0x0030ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000310000 | 0x00310000 | 0x0034ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000370000 | 0x00370000 | 0x0037ffff | Private Memory | Readable, Writable | | | | |
| 1129c5049ff7842161800d20141de5848888ea44_(B-Ware)_vt.malware.exe | 0x00400000 | 0x0057afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| locale.nls | 0x00580000 | 0x0063dfff | Memory Mapped File | Readable | | | | |
| private_0x0000000000640000 | 0x00640000 | 0x0073ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000740000 | 0x00740000 | 0x0083ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000900000 | 0x00900000 | 0x0090ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000910000 | 0x00910000 | 0x00a97fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000aa0000 | 0x00aa0000 | 0x00c20fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000c30000 | 0x00c30000 | 0x0202ffff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000002030000 | 0x02030000 | 0x0212ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000021d0000 | 0x021d0000 | 0x022cffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000022d0000 | 0x022d0000 | 0x024cffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | - | | | | |
| private_0x0000000010470000 | 0x10470000 | 0x104cbfff | Private Memory | - | | | | |
| private_0x00000000104d0000 | 0x104d0000 | 0x1052bfff | Private Memory | - | | | | |
| wow64.dll | 0x53cc0000 | 0x53d0efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64cpu.dll | 0x53d10000 | 0x53d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64win.dll | 0x53d20000 | 0x53d92fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntmarta.dll | 0x74ca0000 | 0x74cc7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasman.dll | 0x74cd0000 | 0x74cf2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasapi32.dll | 0x74d00000 | 0x74da3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pstorec.dll | 0x74db0000 | 0x74db7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| apphelp.dll | 0x74dc0000 | 0x74e50fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bcryptprimitives.dll | 0x74e60000 | 0x74eb8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cryptbase.dll | 0x74ec0000 | 0x74ec9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sspicli.dll | 0x74ed0000 | 0x74eedfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcrt.dll | 0x74ef0000 | 0x74fadfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| advapi32.dll | 0x74fb0000 | 0x7502afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| oleaut32.dll | 0x75030000 | 0x750c1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| powrprof.dll | 0x75280000 | 0x752c3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| KernelBase.dll | 0x752e0000 | 0x75455fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| imm32.dll | 0x75460000 | 0x7548afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| combase.dll | 0x75490000 | 0x75649fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel32.dll | 0x75650000 | 0x7573ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| gdi32.dll | 0x75790000 | 0x758dcfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SHCore.dll | 0x75aa0000 | 0x75b2cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| crypt32.dll | 0x75bf0000 | 0x75d64fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| profapi.dll | 0x75d70000 | 0x75d7efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msasn1.dll | 0x75d80000 | 0x75d8dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msctf.dll | 0x75d90000 | 0x75eaffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sechost.dll | 0x75eb0000 | 0x75ef2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| user32.dll | 0x75f10000 | 0x7604ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel.appcore.dll | 0x76290000 | 0x7629bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shlwapi.dll | 0x762a0000 | 0x762e3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| windows.storage.dll | 0x76380000 | 0x7685cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rpcrt4.dll | 0x76860000 | 0x7690bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shell32.dll | 0x76910000 | 0x77ccefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ole32.dll | 0x77cd0000 | 0x77db9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x77dc0000 | 0x77f38fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000007ffd5000 | 0x7ffd5000 | 0x7ffd7fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffb1ddcffff | Private Memory | Readable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x00007ffb1df92000 | 0x7ffb1df92000 | 0x7ffffffeffff | Private Memory | Readable | | | | |
| Category | Operation | Information | Success | Count | Logfile | |
|---|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe, base_address = 0x400000 | | 1 | ||
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | ||
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | ||
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | ||
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | ||
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | ||
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | ||
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | ||
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | ||
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe, os_pid = 0xcc8 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Users\WI2yhmtI onvScY7Pe\Desktop\1129c5049ff7842161800d20141de5848888ea44_(B-Ware)_vt.malware.exe | | 1 | ||
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | ||
| FILE | CREATE_DIR | file_name = c:\windows\system32\install | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | ||
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe, fail_if_exists = 0 | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe Restart | | 1 | ||
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | ||
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Users\WI2yhmtI onvScY7Pe\Desktop\1129c5049ff7842161800d20141de5848888ea44_(B-Ware)_vt.malware.exe | | 1 | ||
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | ||
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780750 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | ||
| WND | FIND | class_name = Shell_TrayWnd | | 1 | ||
| PROC | OPEN | process_name = c:\windows\explorer.exe, os_pid = 0x7fc, desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_SET_SESSIONID, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_CREATE_PROCESS, PROCESS_SET_QUOTA, PROCESS_SET_INFORMATION, PROCESS_QUERY_INFORMATION, PROCESS_SUSPEND_RESUME, DELETE, READ_CONTROL, WRITE_DAC, WRITE_OWNER, SYNCHRONIZE | | 1 | ||
| MEM | ALLOC | address = 0x10410000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | ||
| MEM | ALLOC | address = 0x2200000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x2200000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x24e0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x24e0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x24f0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x24f0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 210 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x1b4, os_pid = 0x7fc, proc_address = 0x24f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x2500000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x2500000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 19 | | 1 | ||
| MEM | ALLOC | address = 0x2510000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x2510000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x2520000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x2520000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x2530000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x2530000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0x2530000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x2540000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x2540000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 21 | | 1 | ||
| MEM | ALLOC | address = 0x2550000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x2550000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x50b0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x50b0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x50d0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x50d0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0x50d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x78d0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x78d0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 21 | | 1 | ||
| MEM | ALLOC | address = 0x7d10000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7d10000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x7d20000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7d20000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x7d30000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7d30000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0x7d30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x7d40000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7d40000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x7d50000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7d50000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x7d60000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7d60000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x7d70000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7d70000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0x7d70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x7d80000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7d80000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x7d90000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7d90000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x7e20000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7e20000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x7e30000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7e30000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0x7e30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x7e40000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7e40000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 9 | | 1 | ||
| MEM | ALLOC | address = 0x7e50000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7e50000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x7e60000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7e60000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x7e70000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7e70000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0x7e70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x7e80000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7e80000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0x7e90000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7e90000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x80c0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x80c0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x80e0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x80e0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0x80e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x80f0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x80f0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x8100000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8100000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x8330000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8330000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x8340000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8340000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0x8340000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x8350000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8350000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 16 | | 1 | ||
| MEM | ALLOC | address = 0x8360000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8360000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x8370000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8370000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x8380000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8380000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0x8380000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x83a0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x83a0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 16 | | 1 | ||
| MEM | ALLOC | address = 0x83b0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x83b0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x83c0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x83c0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x83d0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x83d0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0x83d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x83e0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x83e0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x83f0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x83f0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x8400000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8400000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x8410000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8410000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0x8410000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x8430000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8430000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x8440000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8440000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x8450000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8450000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x8460000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8460000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0x8460000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x8470000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8470000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x8ca0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8ca0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x8cb0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8cb0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x8cc0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8cc0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0x8cc0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x8cd0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8cd0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x8ce0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8ce0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x8cf0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8cf0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x8d00000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8d00000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0x8d00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x8d10000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8d10000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0x8e20000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8e20000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x8e30000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8e30000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x8e40000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8e40000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0x8e40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x8e50000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8e50000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x8e60000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8e60000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x8e70000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8e70000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x8e80000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8e80000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0x8e80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x8e90000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8e90000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x8fa0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8fa0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x8fb0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8fb0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x8fc0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8fc0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0x8fc0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x8fd0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8fd0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0x8fe0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8fe0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x8ff0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8ff0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x9000000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9000000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0x9000000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x9010000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9010000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 25 | | 1 | ||
| MEM | ALLOC | address = 0x9020000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9020000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x9030000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9030000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x9040000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9040000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0x9040000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x9050000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9050000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x9060000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9060000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x9070000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9070000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x9080000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9080000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0x9080000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x9090000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9090000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x9cf0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9cf0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x9d20000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9d20000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x9d30000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9d30000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0x9d30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xd9e0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd9e0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0xd9f0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd9f0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xda00000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xda00000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xda10000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xda10000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xda10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xda20000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xda20000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 9 | | 1 | ||
| MEM | ALLOC | address = 0xda30000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xda30000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xda40000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xda40000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xda50000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xda50000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xda50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xda60000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xda60000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0xda70000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xda70000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xda80000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xda80000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xda90000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xda90000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xda90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xdaa0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdaa0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xdab0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdab0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xdac0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdac0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xdad0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdad0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xdad0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xdae0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdae0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xdaf0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdaf0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xdb00000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdb00000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xdb10000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdb10000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xdb10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xdb20000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdb20000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0xdb30000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdb30000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xdb40000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdb40000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xdb50000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdb50000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xdb50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xdb60000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdb60000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xdb70000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdb70000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xdb80000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdb80000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xdb90000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdb90000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xdb90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xdba0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdba0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xdbb0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdbb0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xdbc0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdbc0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xdbd0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdbd0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xdbd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xdbe0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdbe0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xdbf0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdbf0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xdc00000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdc00000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xdc10000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdc10000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xdc10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xdc20000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdc20000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 16 | | 1 | ||
| MEM | ALLOC | address = 0xdc30000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdc30000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xdc40000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdc40000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xdc50000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdc50000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xdc50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xdc60000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdc60000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xdc70000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdc70000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xdc80000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdc80000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xdc90000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdc90000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xdc90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xdca0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdca0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xdcb0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdcb0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xdcc0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdcc0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xdcd0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdcd0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xdcd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xdce0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 8, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdce0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 8 | | 1 | ||
| MEM | ALLOC | address = 0xdcf0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdcf0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xdd00000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdd00000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xdd10000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdd10000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xdd10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xdd20000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdd20000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 9 | | 1 | ||
| MEM | ALLOC | address = 0xdd30000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdd30000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xdd40000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdd40000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xdd50000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdd50000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xdd50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xdd60000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdd60000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0xdd70000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdd70000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xdd80000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdd80000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xdd90000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdd90000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xdd90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xdda0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdda0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 11 | | 1 | ||
| MEM | ALLOC | address = 0xddb0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xddb0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xddc0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xddc0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xddd0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xddd0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xddd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xdde0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 17, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdde0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 17 | | 1 | ||
| MEM | ALLOC | address = 0xddf0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xddf0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xde00000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xde00000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xde10000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xde10000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xde10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xde20000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xde20000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 19 | | 1 | ||
| MEM | ALLOC | address = 0xde30000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xde30000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xde40000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xde40000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xde50000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xde50000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xde50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xde60000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xde60000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xde70000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xde70000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xde80000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xde80000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xde90000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xde90000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xde90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xdea0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdea0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 9 | | 1 | ||
| MEM | ALLOC | address = 0xdeb0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdeb0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xdec0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdec0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xded0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xded0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xded0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xdee0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdee0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xdef0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdef0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xdf00000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdf00000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xdf10000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdf10000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xdf10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xdf20000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdf20000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0xdf30000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdf30000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xdf40000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdf40000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xdf50000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdf50000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xdf50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xdf60000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdf60000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0xdf70000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdf70000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xdf80000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdf80000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xdf90000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdf90000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xdf90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | ||
| MEM | ALLOC | address = 0xdfa0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdfa0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 11 | | 1 | ||
| MEM | ALLOC | address = 0xdfb0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdfb0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xdfc0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdfc0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 210 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x1b4, os_pid = 0x7fc, proc_address = 0xdfc0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xdfd0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdfd0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xdfe0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdfe0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 11 | | 1 | ||
| MEM | ALLOC | address = 0xdff0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdff0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xe000000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe000000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xe000000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xe010000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe010000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0xe020000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe020000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 11 | | 1 | ||
| MEM | ALLOC | address = 0xe030000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe030000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xe040000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe040000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xe040000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | ||
| MEM | ALLOC | address = 0xe050000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe050000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xe060000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe060000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xe070000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe070000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 210 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x1b4, os_pid = 0x7fc, proc_address = 0xe070000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xe080000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 17, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe080000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 17 | | 1 | ||
| MEM | ALLOC | address = 0xe090000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe090000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xe0a0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe0a0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xe0b0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe0b0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xe0b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xe0c0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe0c0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0xe0d0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe0d0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xe0e0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe0e0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xe0f0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe0f0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xe0f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xe100000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe100000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xe110000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe110000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xe120000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe120000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xe130000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe130000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xe130000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | ||
| MEM | ALLOC | address = 0xe140000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe140000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xe150000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe150000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xe160000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe160000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 210 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x1b4, os_pid = 0x7fc, proc_address = 0xe160000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xe170000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe170000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0xe180000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe180000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xe190000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe190000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xe1a0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe1a0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xe1a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xe1b0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe1b0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xe1c0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe1c0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xe1d0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe1d0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xe1e0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe1e0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xe1e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xe1f0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 18, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe1f0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 18 | | 1 | ||
| MEM | ALLOC | address = 0xe200000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe200000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xe210000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe210000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xe220000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe220000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xe220000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | ||
| MEM | ALLOC | address = 0xe230000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe230000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xe240000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe240000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xe250000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe250000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 210 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x1b4, os_pid = 0x7fc, proc_address = 0xe250000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xe260000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe260000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0xe270000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe270000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xe280000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe280000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xe290000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe290000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xe290000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xe2a0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 17, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe2a0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 17 | | 1 | ||
| MEM | ALLOC | address = 0xe2b0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe2b0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xe2c0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe2c0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xe2d0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe2d0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xe2d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xe2e0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe2e0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0xe2f0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe2f0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xe300000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe300000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xe310000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe310000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xe310000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xe320000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe320000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xe330000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe330000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xe340000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe340000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xe350000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe350000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xe350000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xe360000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe360000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0xe370000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe370000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xe380000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe380000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xe390000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe390000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xe390000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xe3a0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe3a0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0xe3b0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe3b0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xe3c0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe3c0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xe3d0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe3d0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x0, os_pid = 0x7fc, proc_address = 0xe3d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xe3e0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe3e0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 16 | | 1 | ||
| MEM | ALLOC | address = 0xe3f0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe3f0000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xe400000, process_name = c:\windows\explorer.exe, os_pid = 0x7fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| For performance reasons, the remaining 14006 entries are omitted. Click to download all 15006 entries as text file (11.71 MB). | ||||||
| Information | Value |
|---|---|
| ID / OS PID | #2 / 0x7fc |
| OS Parent PID | 0xffffffffffffffff (Unknown) |
| Initial Working Directory | C:\Windows\system32 |
| File Name | c:\windows\explorer.exe |
| Command Line | C:\Windows\Explorer.EXE |
| Monitor | Start Time: 00:00:47, Reason: Injection |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:48 |
| OS Thread IDs | #4 0xCAC #5 0x3C8 #6 0x884 #7 0x58C #8 0x268 #9 0x684 #10 0x700 #11 0x6D0 #12 0x118 #13 0x664 #14 0x208 #15 0xBA0 #16 0x51C #17 0x810 #18 0xA78 #19 0xB9C #20 0xB7C #21 0xB60 #22 0xB58 #23 0xB54 #24 0xB50 #25 0xB18 #26 0xB14 #27 0x9D8 #28 0x958 #29 0x938 #30 0x920 #31 0x914 #32 0x90C #33 0x904 #34 0x8FC #35 0x8F8 #36 0x8F4 #37 0x8F0 #38 0x8EC #39 0x8E8 #40 0x8E4 #41 0x8E0 #42 0x8B4 #43 0x8B0 #44 0x894 #45 0x890 #46 0x878 #47 0x868 #48 0x860 #49 0x85C #50 0x858 #51 0x854 #52 0x850 #53 0x848 #54 0x844 #55 0x840 #56 0x83C #57 0x838 #58 0x160 #59 0x4B4 #60 0x480 #61 0x434 #62 0x40C #413 0x1184 #414 0x1188 #415 0x118C #416 0x1190 #464 0x132C #510 0x1140 #541 0x1160 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x00000000002b0000 | 0x002b0000 | 0x002bffff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x00000000002c0000 | 0x002c0000 | 0x002c6fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000002d0000 | 0x002d0000 | 0x002e3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000002f0000 | 0x002f0000 | 0x0036ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000370000 | 0x00370000 | 0x00373fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000380000 | 0x00380000 | 0x00382fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000000390000 | 0x00390000 | 0x00391fff | Private Memory | Readable, Writable | | | | |
| locale.nls | 0x003a0000 | 0x0045dfff | Memory Mapped File | Readable | | | | |
| private_0x0000000000460000 | 0x00460000 | 0x0055ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000560000 | 0x00560000 | 0x005dffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000005e0000 | 0x005e0000 | 0x005e6fff | Private Memory | Readable, Writable | | | | |
| explorer.exe.mui | 0x005f0000 | 0x005f7fff | Memory Mapped File | Readable | | | | |
| private_0x0000000000600000 | 0x00600000 | 0x00600fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000610000 | 0x00610000 | 0x00610fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000620000 | 0x00620000 | 0x0062ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000630000 | 0x00630000 | 0x007b7fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x00000000007c0000 | 0x007c0000 | 0x00940fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000950000 | 0x00950000 | 0x01d4ffff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000001d50000 | 0x01d50000 | 0x01d50fff | Pagefile Backed Memory | Readable, Writable | | | | |
| pagefile_0x0000000001d60000 | 0x01d60000 | 0x01d60fff | Pagefile Backed Memory | Readable, Writable | | | | |
| pagefile_0x0000000001d70000 | 0x01d70000 | 0x01d70fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000001d80000 | 0x01d80000 | 0x01d80fff | Pagefile Backed Memory | Readable | | | | |
| cversions.1.db | 0x01d90000 | 0x01d93fff | Memory Mapped File | Readable | | | | |
| {AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000013.db | 0x01da0000 | 0x01db3fff | Memory Mapped File | Readable | | | | |
| pagefile_0x0000000001dc0000 | 0x01dc0000 | 0x01dc0fff | Pagefile Backed Memory | Readable, Writable | | | | |
| shell32.dll.mui | 0x01dd0000 | 0x01e30fff | Memory Mapped File | Readable | | | | |
| private_0x0000000001e40000 | 0x01e40000 | 0x01e4ffff | Private Memory | Readable, Writable | | | | |
| SortDefault.nls | 0x01e50000 | 0x02186fff | Memory Mapped File | Readable | | | | |
| thumbcache_idx.db | 0x02190000 | 0x02193fff | Memory Mapped File | Readable, Writable | | | | |
| private_0x0000000002190000 | 0x02190000 | 0x02193fff | Private Memory | Readable, Writable | | | | |
| private_0x00000000021a0000 | 0x021a0000 | 0x021a3fff | Private Memory | Readable, Writable | | | | |
| private_0x00000000021a0000 | 0x021a0000 | 0x021a0fff | Private Memory | Readable, Writable, Executable | | | | |
| pagefile_0x00000000021b0000 | 0x021b0000 | 0x021b1fff | Pagefile Backed Memory | Readable | | | | |
| hcproviders.dll.mui | 0x021c0000 | 0x021c1fff | Memory Mapped File | Readable | | | | |
| ActionCenter.dll.mui | 0x021d0000 | 0x021dafff | Memory Mapped File | Readable | | | | |
| msxml6r.dll | 0x021e0000 | 0x021e0fff | Memory Mapped File | Readable | | | | |
| private_0x00000000021f0000 | 0x021f0000 | 0x021f6fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000002200000 | 0x02200000 | 0x02200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002210000 | 0x02210000 | 0x0228ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000002210000 | 0x02210000 | 0x02231fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000002240000 | 0x02240000 | 0x022bffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000002290000 | 0x02290000 | 0x0230ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000002310000 | 0x02310000 | 0x0238ffff | Private Memory | Readable, Writable | | | | |
| {3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x0000000000000010.db | 0x02390000 | 0x023a4fff | Memory Mapped File | Readable | | | | |
| pagefile_0x00000000023b0000 | 0x023b0000 | 0x023b2fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x00000000023c0000 | 0x023c0000 | 0x023c2fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x00000000023d0000 | 0x023d0000 | 0x023f9fff | Pagefile Backed Memory | Readable, Writable | | | | |
| KernelBase.dll.mui | 0x02400000 | 0x024defff | Memory Mapped File | Readable | | | | |
| private_0x00000000024e0000 | 0x024e0000 | 0x0255ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000024e0000 | 0x024e0000 | 0x024e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000024f0000 | 0x024f0000 | 0x024f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002500000 | 0x02500000 | 0x02500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002510000 | 0x02510000 | 0x02510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002520000 | 0x02520000 | 0x02520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002530000 | 0x02530000 | 0x02530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002540000 | 0x02540000 | 0x02540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002550000 | 0x02550000 | 0x02550fff | Private Memory | Readable, Writable, Executable | | | | |
| stobject.dll.mui | 0x02560000 | 0x02561fff | Memory Mapped File | Readable | | | | |
| cversions.2.db | 0x02570000 | 0x02573fff | Memory Mapped File | Readable | | | | |
| pagefile_0x0000000002580000 | 0x02580000 | 0x02582fff | Pagefile Backed Memory | Readable | | | | |
| InputSwitch.dll.mui | 0x02590000 | 0x02591fff | Memory Mapped File | Readable | | | | |
| private_0x00000000025a0000 | 0x025a0000 | 0x025a0fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000025b0000 | 0x025b0000 | 0x025b2fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x00000000025c0000 | 0x025c0000 | 0x025c1fff | Pagefile Backed Memory | Readable | | | | |
| sndvolsso.dll.mui | 0x025d0000 | 0x025d1fff | Memory Mapped File | Readable | | | | |
| private_0x00000000025e0000 | 0x025e0000 | 0x0265ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000002660000 | 0x02660000 | 0x02661fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000002670000 | 0x02670000 | 0x02671fff | Pagefile Backed Memory | Readable | | | | |
| oleaccrc.dll | 0x02680000 | 0x02681fff | Memory Mapped File | Readable | | | | |
| oleaccrc.dll.mui | 0x02690000 | 0x02694fff | Memory Mapped File | Readable | | | | |
| pagefile_0x00000000026a0000 | 0x026a0000 | 0x02757fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000002760000 | 0x02760000 | 0x02763fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000002770000 | 0x02770000 | 0x0286ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000002870000 | 0x02870000 | 0x0296ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000002970000 | 0x02970000 | 0x02976fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000002980000 | 0x02980000 | 0x02982fff | Pagefile Backed Memory | Readable | | | | |
| StaticCache.dat | 0x02990000 | 0x039cffff | Memory Mapped File | Readable | | | | |
| private_0x00000000039d0000 | 0x039d0000 | 0x039d0fff | Private Memory | Readable, Writable | | | | |
| private_0x00000000039e0000 | 0x039e0000 | 0x039e0fff | Private Memory | Readable, Writable | | | | |
| private_0x00000000039f0000 | 0x039f0000 | 0x039f0fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000003a00000 | 0x03a00000 | 0x03a02fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000003a10000 | 0x03a10000 | 0x03a8ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000003a90000 | 0x03a90000 | 0x03a91fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000003aa0000 | 0x03aa0000 | 0x03aa0fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000003ab0000 | 0x03ab0000 | 0x03ab0fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000003ac0000 | 0x03ac0000 | 0x03ac0fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000003ad0000 | 0x03ad0000 | 0x03ad0fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000003ae0000 | 0x03ae0000 | 0x03aeffff | Pagefile Backed Memory | Readable, Writable | | | | |
| pagefile_0x0000000003af0000 | 0x03af0000 | 0x03afffff | Pagefile Backed Memory | Readable, Writable | | | | |
| pagefile_0x0000000003b00000 | 0x03b00000 | 0x03b0ffff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000003b10000 | 0x03b10000 | 0x03b10fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000003b20000 | 0x03b20000 | 0x03b20fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000003b30000 | 0x03b30000 | 0x03b30fff | Private Memory | Readable, Writable | | | | |
| cversions.1.db | 0x03b40000 | 0x03b43fff | Memory Mapped File | Readable | | | | |
| private_0x0000000003b50000 | 0x03b50000 | 0x03b50fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000003b60000 | 0x03b60000 | 0x03b60fff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000003b70000 | 0x03b70000 | 0x03b70fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000003b80000 | 0x03b80000 | 0x03b82fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000003b90000 | 0x03b90000 | 0x03bc8fff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000003bd0000 | 0x03bd0000 | 0x03bd0fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000003be0000 | 0x03be0000 | 0x03be0fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000003bf0000 | 0x03bf0000 | 0x03bf2fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000003c00000 | 0x03c00000 | 0x03c01fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000003c10000 | 0x03c10000 | 0x03c10fff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000003c20000 | 0x03c20000 | 0x03c20fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000003c30000 | 0x03c30000 | 0x03c3dfff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000003c40000 | 0x03c40000 | 0x03c42fff | Pagefile Backed Memory | Readable | | | | |
| pnidui.dll.mui | 0x03c50000 | 0x03c51fff | Memory Mapped File | Readable | | | | |
| pagefile_0x0000000003c60000 | 0x03c60000 | 0x03c62fff | Pagefile Backed Memory | Readable | | | | |
| cversions.2.db | 0x03c70000 | 0x03c73fff | Memory Mapped File | Readable | | | | |
| {6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db | 0x03c80000 | 0x03cc2fff | Memory Mapped File | Readable | | | | |
| cversions.2.db | 0x03cd0000 | 0x03cd3fff | Memory Mapped File | Readable | | | | |
| {DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db | 0x03ce0000 | 0x03d6afff | Memory Mapped File | Readable | | | | |
| propsys.dll.mui | 0x03d70000 | 0x03d80fff | Memory Mapped File | Readable | | | | |
| private_0x0000000003d90000 | 0x03d90000 | 0x03e0ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000003e10000 | 0x03e10000 | 0x03e8ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000003e90000 | 0x03e90000 | 0x03f0ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000003f10000 | 0x03f10000 | 0x03f8ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000003f90000 | 0x03f90000 | 0x0400ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000004010000 | 0x04010000 | 0x04010fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000004020000 | 0x04020000 | 0x0409ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000040a0000 | 0x040a0000 | 0x0489ffff | Private Memory | - | | | | |
| private_0x00000000048a0000 | 0x048a0000 | 0x0491ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000004920000 | 0x04920000 | 0x04e11fff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000004e20000 | 0x04e20000 | 0x04f1ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000004f20000 | 0x04f20000 | 0x04f9ffff | Private Memory | Readable, Writable | | | | |
| wscui.cpl.mui | 0x04fa0000 | 0x04fb1fff | Memory Mapped File | Readable | | | | |
| iconcache_idx.db | 0x04fc0000 | 0x04fc1fff | Memory Mapped File | Readable, Writable | | | | |
| thumbcache_idx.db | 0x04fd0000 | 0x04fd3fff | Memory Mapped File | Readable, Writable | | | | |
| imageres.dll.mui | 0x04fe0000 | 0x04fe0fff | Memory Mapped File | Readable | | | | |
| iconcache_idx.db | 0x04ff0000 | 0x04ff1fff | Memory Mapped File | Readable, Writable | | | | |
| iconcache_48.db | 0x05000000 | 0x05000fff | Memory Mapped File | Readable, Writable | | | | |
| thumbcache_idx.db | 0x05010000 | 0x05013fff | Memory Mapped File | Readable, Writable | | | | |
| mpr.dll.mui | 0x05020000 | 0x05020fff | Memory Mapped File | Readable | | | | |
| private_0x0000000005030000 | 0x05030000 | 0x050affff | Private Memory | Readable, Writable | | | | |
| private_0x00000000050b0000 | 0x050b0000 | 0x050b0fff | Private Memory | Readable, Writable, Executable | | | | |
| thumbcache_idx.db | 0x050c0000 | 0x050c3fff | Memory Mapped File | Readable, Writable | | | | |
| private_0x00000000050d0000 | 0x050d0000 | 0x050d0fff | Private Memory | Readable, Writable, Executable | | | | |
| iconcache_idx.db | 0x050e0000 | 0x050e1fff | Memory Mapped File | Readable, Writable | | | | |
| iconcache_48.db | 0x050f0000 | 0x050f0fff | Memory Mapped File | Readable, Writable | | | | |
| iconcache_idx.db | 0x05100000 | 0x05101fff | Memory Mapped File | Readable, Writable | | | | |
| iconcache_48.db | 0x05110000 | 0x05110fff | Memory Mapped File | Readable, Writable | | | | |
| private_0x0000000005120000 | 0x05120000 | 0x0531ffff | Private Memory | Readable, Writable | | | | |
| winnlsres.dll | 0x05320000 | 0x05324fff | Memory Mapped File | Readable | | | | |
| winnlsres.dll.mui | 0x05330000 | 0x0533ffff | Memory Mapped File | Readable | | | | |
| private_0x0000000005340000 | 0x05340000 | 0x053bffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000053c0000 | 0x053c0000 | 0x053c0fff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x00000000053d0000 | 0x053d0000 | 0x053d0fff | Private Memory | Readable, Writable | | | | |
| private_0x00000000053e0000 | 0x053e0000 | 0x053e0fff | Private Memory | Readable, Writable | | | | |
| mswsock.dll.mui | 0x053f0000 | 0x053f2fff | Memory Mapped File | Readable | | | | |
| pagefile_0x0000000005400000 | 0x05400000 | 0x05402fff | Pagefile Backed Memory | Readable | | | | |
| bthprops.cpl.mui | 0x05410000 | 0x05413fff | Memory Mapped File | Readable | | | | |
| private_0x0000000005420000 | 0x05420000 | 0x0549ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000054a0000 | 0x054a0000 | 0x054e8fff | Private Memory | Readable, Writable | | | | |
| appdb.dat | 0x054f0000 | 0x07871fff | Memory Mapped File | Readable, Writable | | | | |
| pagefile_0x0000000007880000 | 0x07880000 | 0x07881fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000007890000 | 0x07890000 | 0x07890fff | Private Memory | Readable, Writable | | | | |
| thumbcache_idx.db | 0x078a0000 | 0x078a3fff | Memory Mapped File | Readable, Writable | | | | |
| private_0x00000000078b0000 | 0x078b0000 | 0x078b8fff | Private Memory | Readable, Writable | | | | |
| private_0x00000000078c0000 | 0x078c0000 | 0x078c3fff | Private Memory | Readable, Writable | | | | |
| private_0x00000000078d0000 | 0x078d0000 | 0x078d0fff | Private Memory | Readable, Writable, Executable | | | | |
| iconcache_idx.db | 0x078e0000 | 0x078e1fff | Memory Mapped File | Readable, Writable | | | | |
| private_0x00000000078f0000 | 0x078f0000 | 0x078f8fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007900000 | 0x07900000 | 0x07900fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007910000 | 0x07910000 | 0x07a0ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000007a10000 | 0x07a10000 | 0x07a12fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000007a20000 | 0x07a20000 | 0x07a67fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007a70000 | 0x07a70000 | 0x07ab7fff | Private Memory | Readable, Writable | | | | |
| netmsg.dll | 0x07ac0000 | 0x07ac0fff | Memory Mapped File | Readable | | | | |
| netmsg.dll.mui | 0x07ad0000 | 0x07b01fff | Memory Mapped File | Readable | | | | |
| iconcache_48.db | 0x07b10000 | 0x07b10fff | Memory Mapped File | Readable, Writable | | | | |
| {3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x0000000000000012.db | 0x07b20000 | 0x07b33fff | Memory Mapped File | Readable | | | | |
| private_0x0000000007b40000 | 0x07b40000 | 0x07b87fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007b90000 | 0x07b90000 | 0x07c0ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007c10000 | 0x07c10000 | 0x07c8ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007c90000 | 0x07c90000 | 0x07d0ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007d10000 | 0x07d10000 | 0x07d8ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007d10000 | 0x07d10000 | 0x07d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007d20000 | 0x07d20000 | 0x07d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007d30000 | 0x07d30000 | 0x07d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007d40000 | 0x07d40000 | 0x07d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007d50000 | 0x07d50000 | 0x07d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007d60000 | 0x07d60000 | 0x07d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007d70000 | 0x07d70000 | 0x07d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007d80000 | 0x07d80000 | 0x07d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007d90000 | 0x07d90000 | 0x07d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007da0000 | 0x07da0000 | 0x07e1ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007e20000 | 0x07e20000 | 0x07e9ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007e20000 | 0x07e20000 | 0x07e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007e30000 | 0x07e30000 | 0x07e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007e40000 | 0x07e40000 | 0x07e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007e50000 | 0x07e50000 | 0x07e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007e60000 | 0x07e60000 | 0x07e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007e70000 | 0x07e70000 | 0x07e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007e80000 | 0x07e80000 | 0x07e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007e90000 | 0x07e90000 | 0x07e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007ea0000 | 0x07ea0000 | 0x07f1ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007f20000 | 0x07f20000 | 0x07f9ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000007fa0000 | 0x07fa0000 | 0x07fa2fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000007fb0000 | 0x07fb0000 | 0x07fb1fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000007fc0000 | 0x07fc0000 | 0x080bffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000080c0000 | 0x080c0000 | 0x080c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000080d0000 | 0x080d0000 | 0x080dffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000080e0000 | 0x080e0000 | 0x080e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000080f0000 | 0x080f0000 | 0x080f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008100000 | 0x08100000 | 0x08100fff | Private Memory | Readable, Writable, Executable | | | | |
| windows.storage.dll.mui | 0x08110000 | 0x08117fff | Memory Mapped File | Readable | | | | |
| private_0x0000000008120000 | 0x08120000 | 0x0819ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000081a0000 | 0x081a0000 | 0x0821ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008220000 | 0x08220000 | 0x0829ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000082a0000 | 0x082a0000 | 0x0831ffff | Private Memory | Readable, Writable | | | | |
| {3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x0000000000000013.db | 0x082a0000 | 0x082b2fff | Memory Mapped File | Readable | | | | |
| pagefile_0x0000000008320000 | 0x08320000 | 0x08322fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000008330000 | 0x08330000 | 0x08330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008340000 | 0x08340000 | 0x08340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008350000 | 0x08350000 | 0x08350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008360000 | 0x08360000 | 0x08360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008370000 | 0x08370000 | 0x08370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008380000 | 0x08380000 | 0x08380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008390000 | 0x08390000 | 0x0839ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000083a0000 | 0x083a0000 | 0x0841ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000083a0000 | 0x083a0000 | 0x083a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000083b0000 | 0x083b0000 | 0x083b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000083c0000 | 0x083c0000 | 0x083c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000083d0000 | 0x083d0000 | 0x083d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000083e0000 | 0x083e0000 | 0x083e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000083f0000 | 0x083f0000 | 0x083f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008400000 | 0x08400000 | 0x08400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008410000 | 0x08410000 | 0x08410fff | Private Memory | Readable, Writable, Executable | | | | |
| iconcache_48.db | 0x08420000 | 0x08420fff | Memory Mapped File | Readable, Writable | | | | |
| private_0x0000000008430000 | 0x08430000 | 0x08430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008440000 | 0x08440000 | 0x08440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008450000 | 0x08450000 | 0x08450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008460000 | 0x08460000 | 0x08460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008470000 | 0x08470000 | 0x08470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008480000 | 0x08480000 | 0x084fffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008500000 | 0x08500000 | 0x0857ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008580000 | 0x08580000 | 0x085fffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000008600000 | 0x08600000 | 0x08600fff | Pagefile Backed Memory | Readable, Writable | | | | |
| pagefile_0x0000000008610000 | 0x08610000 | 0x08612fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000008620000 | 0x08620000 | 0x0869ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000086a0000 | 0x086a0000 | 0x0871ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008720000 | 0x08720000 | 0x0879ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000087a0000 | 0x087a0000 | 0x0881ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008820000 | 0x08820000 | 0x0889ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000088a0000 | 0x088a0000 | 0x0891ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008920000 | 0x08920000 | 0x0899ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000089a0000 | 0x089a0000 | 0x08a1ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008a20000 | 0x08a20000 | 0x08a9ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008aa0000 | 0x08aa0000 | 0x08b1ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008b20000 | 0x08b20000 | 0x08b9ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008ba0000 | 0x08ba0000 | 0x08c1ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008c20000 | 0x08c20000 | 0x08c9ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008ca0000 | 0x08ca0000 | 0x08d1ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008ca0000 | 0x08ca0000 | 0x08ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008cb0000 | 0x08cb0000 | 0x08cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008cc0000 | 0x08cc0000 | 0x08cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008cd0000 | 0x08cd0000 | 0x08cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008ce0000 | 0x08ce0000 | 0x08ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008cf0000 | 0x08cf0000 | 0x08cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008d00000 | 0x08d00000 | 0x08d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008d10000 | 0x08d10000 | 0x08d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008d20000 | 0x08d20000 | 0x08d9ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008da0000 | 0x08da0000 | 0x08e1ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008e20000 | 0x08e20000 | 0x08e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008e30000 | 0x08e30000 | 0x08e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008e40000 | 0x08e40000 | 0x08e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008e50000 | 0x08e50000 | 0x08e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008e60000 | 0x08e60000 | 0x08e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008e70000 | 0x08e70000 | 0x08e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008e80000 | 0x08e80000 | 0x08e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008e90000 | 0x08e90000 | 0x08e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008ea0000 | 0x08ea0000 | 0x08f1ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008ea0000 | 0x08ea0000 | 0x08ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008eb0000 | 0x08eb0000 | 0x08eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008ec0000 | 0x08ec0000 | 0x08ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008ed0000 | 0x08ed0000 | 0x08ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008ee0000 | 0x08ee0000 | 0x08ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008ef0000 | 0x08ef0000 | 0x08ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008f00000 | 0x08f00000 | 0x08f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008f10000 | 0x08f10000 | 0x08f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008f20000 | 0x08f20000 | 0x08f9ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008fa0000 | 0x08fa0000 | 0x08fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008fb0000 | 0x08fb0000 | 0x08fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008fc0000 | 0x08fc0000 | 0x08fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008fd0000 | 0x08fd0000 | 0x08fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008fe0000 | 0x08fe0000 | 0x08fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008ff0000 | 0x08ff0000 | 0x08ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009000000 | 0x09000000 | 0x09000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009010000 | 0x09010000 | 0x09010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009020000 | 0x09020000 | 0x09020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009030000 | 0x09030000 | 0x09030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009040000 | 0x09040000 | 0x09040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009050000 | 0x09050000 | 0x09050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009060000 | 0x09060000 | 0x09060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009070000 | 0x09070000 | 0x09070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009080000 | 0x09080000 | 0x09080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009090000 | 0x09090000 | 0x09090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000090a0000 | 0x090a0000 | 0x0911ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009120000 | 0x09120000 | 0x0951ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009520000 | 0x09520000 | 0x0959ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000095a0000 | 0x095a0000 | 0x0961ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009620000 | 0x09620000 | 0x0971ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009720000 | 0x09720000 | 0x09c11fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000009c20000 | 0x09c20000 | 0x09c22fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000009c30000 | 0x09c30000 | 0x09c32fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000009c40000 | 0x09c40000 | 0x09c40fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009c50000 | 0x09c50000 | 0x09ccffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000009cd0000 | 0x09cd0000 | 0x09cd2fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000009ce0000 | 0x09ce0000 | 0x09ce2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000009cf0000 | 0x09cf0000 | 0x09cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| {3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x0000000000000011.db | 0x09d00000 | 0x09d14fff | Memory Mapped File | Readable | | | | |
| private_0x0000000009d20000 | 0x09d20000 | 0x09d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009d30000 | 0x09d30000 | 0x09d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009d40000 | 0x09d40000 | 0x09dbffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000009dc0000 | 0x09dc0000 | 0x0a7bffff | Pagefile Backed Memory | Readable, Writable | | | | |
| thumbcache_256.db | 0x0a7c0000 | 0x0a8bffff | Memory Mapped File | Readable, Writable | | | | |
| thumbcache_48.db | 0x0a8c0000 | 0x0a9bffff | Memory Mapped File | Readable, Writable | | | | |
| thumbcache_48.db | 0x0a9c0000 | 0x0aabffff | Memory Mapped File | Readable, Writable | | | | |
| thumbcache_48.db | 0x0aac0000 | 0x0abbffff | Memory Mapped File | Readable, Writable | | | | |
| thumbcache_48.db | 0x0abc0000 | 0x0acbffff | Memory Mapped File | Readable, Writable | | | | |
| imageres.dll | 0x0acc0000 | 0x0d8d2fff | Memory Mapped File | Readable | | | | |
| thumbcache_48.db | 0x0d8e0000 | 0x0d9dffff | Memory Mapped File | Readable, Writable | | | | |
| private_0x000000000d9e0000 | 0x0d9e0000 | 0x0d9e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000d9f0000 | 0x0d9f0000 | 0x0d9f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000da00000 | 0x0da00000 | 0x0da00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000da10000 | 0x0da10000 | 0x0da10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000da20000 | 0x0da20000 | 0x0da20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000da30000 | 0x0da30000 | 0x0da30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000da40000 | 0x0da40000 | 0x0da40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000da50000 | 0x0da50000 | 0x0da50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000da60000 | 0x0da60000 | 0x0da60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000da70000 | 0x0da70000 | 0x0da70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000da80000 | 0x0da80000 | 0x0da80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000da90000 | 0x0da90000 | 0x0da90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000daa0000 | 0x0daa0000 | 0x0daa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dab0000 | 0x0dab0000 | 0x0dab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dac0000 | 0x0dac0000 | 0x0dac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dad0000 | 0x0dad0000 | 0x0dad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dae0000 | 0x0dae0000 | 0x0dae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000daf0000 | 0x0daf0000 | 0x0daf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000db00000 | 0x0db00000 | 0x0db00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000db10000 | 0x0db10000 | 0x0db10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000db20000 | 0x0db20000 | 0x0db20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000db30000 | 0x0db30000 | 0x0db30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000db40000 | 0x0db40000 | 0x0db40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000db50000 | 0x0db50000 | 0x0db50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000db60000 | 0x0db60000 | 0x0db60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000db70000 | 0x0db70000 | 0x0db70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000db80000 | 0x0db80000 | 0x0db80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000db90000 | 0x0db90000 | 0x0db90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dba0000 | 0x0dba0000 | 0x0dba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dbb0000 | 0x0dbb0000 | 0x0dbb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dbc0000 | 0x0dbc0000 | 0x0dbc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dbd0000 | 0x0dbd0000 | 0x0dbd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dbe0000 | 0x0dbe0000 | 0x0dbe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dbf0000 | 0x0dbf0000 | 0x0dbf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dc00000 | 0x0dc00000 | 0x0dc00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dc10000 | 0x0dc10000 | 0x0dc10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dc20000 | 0x0dc20000 | 0x0dc20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dc30000 | 0x0dc30000 | 0x0dc30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dc40000 | 0x0dc40000 | 0x0dc40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dc50000 | 0x0dc50000 | 0x0dc50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dc60000 | 0x0dc60000 | 0x0dc60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dc70000 | 0x0dc70000 | 0x0dc70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dc80000 | 0x0dc80000 | 0x0dc80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dc90000 | 0x0dc90000 | 0x0dc90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dca0000 | 0x0dca0000 | 0x0dca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dcb0000 | 0x0dcb0000 | 0x0dcb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dcc0000 | 0x0dcc0000 | 0x0dcc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dcd0000 | 0x0dcd0000 | 0x0dcd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dce0000 | 0x0dce0000 | 0x0dce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dcf0000 | 0x0dcf0000 | 0x0dcf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dd00000 | 0x0dd00000 | 0x0dd00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dd10000 | 0x0dd10000 | 0x0dd10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dd20000 | 0x0dd20000 | 0x0dd20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dd30000 | 0x0dd30000 | 0x0dd30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dd40000 | 0x0dd40000 | 0x0dd40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dd50000 | 0x0dd50000 | 0x0dd50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dd60000 | 0x0dd60000 | 0x0dd60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dd70000 | 0x0dd70000 | 0x0dd70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dd80000 | 0x0dd80000 | 0x0dd80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dd90000 | 0x0dd90000 | 0x0dd90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dda0000 | 0x0dda0000 | 0x0dda0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ddb0000 | 0x0ddb0000 | 0x0ddb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ddc0000 | 0x0ddc0000 | 0x0ddc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ddd0000 | 0x0ddd0000 | 0x0ddd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dde0000 | 0x0dde0000 | 0x0dde0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ddf0000 | 0x0ddf0000 | 0x0ddf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000de00000 | 0x0de00000 | 0x0de00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000de10000 | 0x0de10000 | 0x0de10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000de20000 | 0x0de20000 | 0x0de20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000de30000 | 0x0de30000 | 0x0de30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000de40000 | 0x0de40000 | 0x0de40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000de50000 | 0x0de50000 | 0x0de50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000de60000 | 0x0de60000 | 0x0de60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000de70000 | 0x0de70000 | 0x0de70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000de80000 | 0x0de80000 | 0x0de80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000de90000 | 0x0de90000 | 0x0de90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dea0000 | 0x0dea0000 | 0x0dea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000deb0000 | 0x0deb0000 | 0x0deb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dec0000 | 0x0dec0000 | 0x0dec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ded0000 | 0x0ded0000 | 0x0ded0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dee0000 | 0x0dee0000 | 0x0dee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000def0000 | 0x0def0000 | 0x0def0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000df00000 | 0x0df00000 | 0x0df00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000df10000 | 0x0df10000 | 0x0df10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000df20000 | 0x0df20000 | 0x0df20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000df30000 | 0x0df30000 | 0x0df30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000df40000 | 0x0df40000 | 0x0df40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000df50000 | 0x0df50000 | 0x0df50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000df60000 | 0x0df60000 | 0x0df60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000df70000 | 0x0df70000 | 0x0df70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000df80000 | 0x0df80000 | 0x0df80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000df90000 | 0x0df90000 | 0x0df90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dfa0000 | 0x0dfa0000 | 0x0dfa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dfb0000 | 0x0dfb0000 | 0x0dfb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dfc0000 | 0x0dfc0000 | 0x0dfc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dfd0000 | 0x0dfd0000 | 0x0dfd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dfe0000 | 0x0dfe0000 | 0x0dfe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000dff0000 | 0x0dff0000 | 0x0dff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e000000 | 0x0e000000 | 0x0e000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e010000 | 0x0e010000 | 0x0e010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e020000 | 0x0e020000 | 0x0e020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e030000 | 0x0e030000 | 0x0e030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e040000 | 0x0e040000 | 0x0e040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e050000 | 0x0e050000 | 0x0e050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e060000 | 0x0e060000 | 0x0e060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e070000 | 0x0e070000 | 0x0e070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e080000 | 0x0e080000 | 0x0e080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e090000 | 0x0e090000 | 0x0e090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e0a0000 | 0x0e0a0000 | 0x0e0a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e0b0000 | 0x0e0b0000 | 0x0e0b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e0c0000 | 0x0e0c0000 | 0x0e0c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e0d0000 | 0x0e0d0000 | 0x0e0d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e0e0000 | 0x0e0e0000 | 0x0e0e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e0f0000 | 0x0e0f0000 | 0x0e0f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e100000 | 0x0e100000 | 0x0e100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e110000 | 0x0e110000 | 0x0e110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e120000 | 0x0e120000 | 0x0e120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e130000 | 0x0e130000 | 0x0e130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e140000 | 0x0e140000 | 0x0e140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e150000 | 0x0e150000 | 0x0e150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e160000 | 0x0e160000 | 0x0e160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e170000 | 0x0e170000 | 0x0e170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e180000 | 0x0e180000 | 0x0e180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e190000 | 0x0e190000 | 0x0e190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e1a0000 | 0x0e1a0000 | 0x0e1a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e1b0000 | 0x0e1b0000 | 0x0e1b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e1c0000 | 0x0e1c0000 | 0x0e1c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e1d0000 | 0x0e1d0000 | 0x0e1d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e1e0000 | 0x0e1e0000 | 0x0e1e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e1f0000 | 0x0e1f0000 | 0x0e1f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e200000 | 0x0e200000 | 0x0e200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e210000 | 0x0e210000 | 0x0e210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e220000 | 0x0e220000 | 0x0e220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e230000 | 0x0e230000 | 0x0e230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e240000 | 0x0e240000 | 0x0e240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e250000 | 0x0e250000 | 0x0e250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e260000 | 0x0e260000 | 0x0e260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e270000 | 0x0e270000 | 0x0e270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e280000 | 0x0e280000 | 0x0e280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e290000 | 0x0e290000 | 0x0e290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e2a0000 | 0x0e2a0000 | 0x0e2a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e2b0000 | 0x0e2b0000 | 0x0e2b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e2c0000 | 0x0e2c0000 | 0x0e2c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e2d0000 | 0x0e2d0000 | 0x0e2d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e2e0000 | 0x0e2e0000 | 0x0e2e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e2f0000 | 0x0e2f0000 | 0x0e2f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e300000 | 0x0e300000 | 0x0e300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e310000 | 0x0e310000 | 0x0e310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e320000 | 0x0e320000 | 0x0e320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e330000 | 0x0e330000 | 0x0e330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e340000 | 0x0e340000 | 0x0e340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e350000 | 0x0e350000 | 0x0e350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e360000 | 0x0e360000 | 0x0e360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e370000 | 0x0e370000 | 0x0e370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e380000 | 0x0e380000 | 0x0e380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e390000 | 0x0e390000 | 0x0e390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e3a0000 | 0x0e3a0000 | 0x0e3a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e3b0000 | 0x0e3b0000 | 0x0e3b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e3c0000 | 0x0e3c0000 | 0x0e3c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e3d0000 | 0x0e3d0000 | 0x0e3d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e3e0000 | 0x0e3e0000 | 0x0e3e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e3f0000 | 0x0e3f0000 | 0x0e3f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e400000 | 0x0e400000 | 0x0e400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e410000 | 0x0e410000 | 0x0e410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e420000 | 0x0e420000 | 0x0e420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e430000 | 0x0e430000 | 0x0e430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e440000 | 0x0e440000 | 0x0e440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e450000 | 0x0e450000 | 0x0e450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e460000 | 0x0e460000 | 0x0e460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e470000 | 0x0e470000 | 0x0e470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e480000 | 0x0e480000 | 0x0e480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e490000 | 0x0e490000 | 0x0e490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e4a0000 | 0x0e4a0000 | 0x0e4a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e4b0000 | 0x0e4b0000 | 0x0e4b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e4c0000 | 0x0e4c0000 | 0x0e4c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e4d0000 | 0x0e4d0000 | 0x0e4d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e4e0000 | 0x0e4e0000 | 0x0e4e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e4f0000 | 0x0e4f0000 | 0x0e4f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e500000 | 0x0e500000 | 0x0e500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e510000 | 0x0e510000 | 0x0e510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e520000 | 0x0e520000 | 0x0e520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e530000 | 0x0e530000 | 0x0e530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e540000 | 0x0e540000 | 0x0e540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e550000 | 0x0e550000 | 0x0e550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e560000 | 0x0e560000 | 0x0e560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e570000 | 0x0e570000 | 0x0e570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e580000 | 0x0e580000 | 0x0e580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e590000 | 0x0e590000 | 0x0e590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e5a0000 | 0x0e5a0000 | 0x0e5a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e5b0000 | 0x0e5b0000 | 0x0e5b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e5c0000 | 0x0e5c0000 | 0x0e5c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e5d0000 | 0x0e5d0000 | 0x0e5d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e5e0000 | 0x0e5e0000 | 0x0e5e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e5f0000 | 0x0e5f0000 | 0x0e5f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e600000 | 0x0e600000 | 0x0e600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e610000 | 0x0e610000 | 0x0e610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e620000 | 0x0e620000 | 0x0e620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e630000 | 0x0e630000 | 0x0e630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e640000 | 0x0e640000 | 0x0e640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e650000 | 0x0e650000 | 0x0e650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e660000 | 0x0e660000 | 0x0e660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e670000 | 0x0e670000 | 0x0e670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e680000 | 0x0e680000 | 0x0e680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e690000 | 0x0e690000 | 0x0e690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e6a0000 | 0x0e6a0000 | 0x0e6a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e6b0000 | 0x0e6b0000 | 0x0e6b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e6c0000 | 0x0e6c0000 | 0x0e6c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e6d0000 | 0x0e6d0000 | 0x0e6d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e6e0000 | 0x0e6e0000 | 0x0e6e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e6f0000 | 0x0e6f0000 | 0x0e6f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e700000 | 0x0e700000 | 0x0e700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e710000 | 0x0e710000 | 0x0e710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e720000 | 0x0e720000 | 0x0e720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e730000 | 0x0e730000 | 0x0e730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e740000 | 0x0e740000 | 0x0e740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e750000 | 0x0e750000 | 0x0e750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e760000 | 0x0e760000 | 0x0e760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e770000 | 0x0e770000 | 0x0e770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e780000 | 0x0e780000 | 0x0e780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e790000 | 0x0e790000 | 0x0e790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e7a0000 | 0x0e7a0000 | 0x0e7a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e7b0000 | 0x0e7b0000 | 0x0e7b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e7c0000 | 0x0e7c0000 | 0x0e7c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e7d0000 | 0x0e7d0000 | 0x0e7d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e7e0000 | 0x0e7e0000 | 0x0e7e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e7f0000 | 0x0e7f0000 | 0x0e7f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e800000 | 0x0e800000 | 0x0e800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e810000 | 0x0e810000 | 0x0e810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e820000 | 0x0e820000 | 0x0e820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e830000 | 0x0e830000 | 0x0e830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e840000 | 0x0e840000 | 0x0e840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e850000 | 0x0e850000 | 0x0e850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e860000 | 0x0e860000 | 0x0e860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e870000 | 0x0e870000 | 0x0e870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e880000 | 0x0e880000 | 0x0e880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e890000 | 0x0e890000 | 0x0e890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e8a0000 | 0x0e8a0000 | 0x0e8a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e8b0000 | 0x0e8b0000 | 0x0e8b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e8c0000 | 0x0e8c0000 | 0x0e8c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e8d0000 | 0x0e8d0000 | 0x0e8d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e8e0000 | 0x0e8e0000 | 0x0e8e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e8f0000 | 0x0e8f0000 | 0x0e8f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e900000 | 0x0e900000 | 0x0e900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e910000 | 0x0e910000 | 0x0e910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e920000 | 0x0e920000 | 0x0e920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e930000 | 0x0e930000 | 0x0e930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e940000 | 0x0e940000 | 0x0e940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e950000 | 0x0e950000 | 0x0e950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e960000 | 0x0e960000 | 0x0e960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e970000 | 0x0e970000 | 0x0e970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e980000 | 0x0e980000 | 0x0e980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e990000 | 0x0e990000 | 0x0e990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e9a0000 | 0x0e9a0000 | 0x0e9a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e9b0000 | 0x0e9b0000 | 0x0e9b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e9c0000 | 0x0e9c0000 | 0x0e9c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e9d0000 | 0x0e9d0000 | 0x0e9d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e9e0000 | 0x0e9e0000 | 0x0e9e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000e9f0000 | 0x0e9f0000 | 0x0e9f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ea00000 | 0x0ea00000 | 0x0ea00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ea10000 | 0x0ea10000 | 0x0ea10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ea20000 | 0x0ea20000 | 0x0ea20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ea30000 | 0x0ea30000 | 0x0ea30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ea40000 | 0x0ea40000 | 0x0ea40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ea50000 | 0x0ea50000 | 0x0ea50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ea60000 | 0x0ea60000 | 0x0ea60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ea70000 | 0x0ea70000 | 0x0ea70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ea80000 | 0x0ea80000 | 0x0ea80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ea90000 | 0x0ea90000 | 0x0ea90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000eaa0000 | 0x0eaa0000 | 0x0eaa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000eab0000 | 0x0eab0000 | 0x0eab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000eac0000 | 0x0eac0000 | 0x0eac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ead0000 | 0x0ead0000 | 0x0ead0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000eae0000 | 0x0eae0000 | 0x0eae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000eaf0000 | 0x0eaf0000 | 0x0eaf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000eb00000 | 0x0eb00000 | 0x0eb00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000eb10000 | 0x0eb10000 | 0x0eb10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000eb20000 | 0x0eb20000 | 0x0eb20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000eb30000 | 0x0eb30000 | 0x0eb30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000eb40000 | 0x0eb40000 | 0x0eb40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000eb50000 | 0x0eb50000 | 0x0eb50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000eb60000 | 0x0eb60000 | 0x0eb60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000eb70000 | 0x0eb70000 | 0x0eb70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000eb80000 | 0x0eb80000 | 0x0eb80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000eb90000 | 0x0eb90000 | 0x0eb90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000eba0000 | 0x0eba0000 | 0x0eba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ebb0000 | 0x0ebb0000 | 0x0ebb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ebc0000 | 0x0ebc0000 | 0x0ebc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ebd0000 | 0x0ebd0000 | 0x0ebd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ebe0000 | 0x0ebe0000 | 0x0ebe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ebf0000 | 0x0ebf0000 | 0x0ebf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ec00000 | 0x0ec00000 | 0x0ec00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ec10000 | 0x0ec10000 | 0x0ec10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ec20000 | 0x0ec20000 | 0x0ec20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ec30000 | 0x0ec30000 | 0x0ec30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ec40000 | 0x0ec40000 | 0x0ec40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ec50000 | 0x0ec50000 | 0x0ec50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ec60000 | 0x0ec60000 | 0x0ec60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ec70000 | 0x0ec70000 | 0x0ec70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ec80000 | 0x0ec80000 | 0x0ec80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ec90000 | 0x0ec90000 | 0x0ec90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000eca0000 | 0x0eca0000 | 0x0eca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ecb0000 | 0x0ecb0000 | 0x0ecb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ecc0000 | 0x0ecc0000 | 0x0ecc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ecd0000 | 0x0ecd0000 | 0x0ecd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ece0000 | 0x0ece0000 | 0x0ece0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ecf0000 | 0x0ecf0000 | 0x0ecf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ed00000 | 0x0ed00000 | 0x0ed00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ed10000 | 0x0ed10000 | 0x0ed10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ed20000 | 0x0ed20000 | 0x0ed20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ed30000 | 0x0ed30000 | 0x0ed30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ed40000 | 0x0ed40000 | 0x0ed40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ed50000 | 0x0ed50000 | 0x0ed50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ed60000 | 0x0ed60000 | 0x0ed60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ed70000 | 0x0ed70000 | 0x0ed70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ed80000 | 0x0ed80000 | 0x0ed80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ed90000 | 0x0ed90000 | 0x0ed90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000eda0000 | 0x0eda0000 | 0x0eda0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000edb0000 | 0x0edb0000 | 0x0edb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000edc0000 | 0x0edc0000 | 0x0edc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000edd0000 | 0x0edd0000 | 0x0edd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ede0000 | 0x0ede0000 | 0x0ede0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000edf0000 | 0x0edf0000 | 0x0edf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ee00000 | 0x0ee00000 | 0x0ee00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ee10000 | 0x0ee10000 | 0x0ee10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ee20000 | 0x0ee20000 | 0x0ee20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ee30000 | 0x0ee30000 | 0x0ee30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ee40000 | 0x0ee40000 | 0x0ee40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ee50000 | 0x0ee50000 | 0x0ee50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ee60000 | 0x0ee60000 | 0x0ee60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ee70000 | 0x0ee70000 | 0x0ee70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ee80000 | 0x0ee80000 | 0x0ee80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ee90000 | 0x0ee90000 | 0x0ee90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000eea0000 | 0x0eea0000 | 0x0eea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000eeb0000 | 0x0eeb0000 | 0x0eeb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000eec0000 | 0x0eec0000 | 0x0eec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000eed0000 | 0x0eed0000 | 0x0eed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000eee0000 | 0x0eee0000 | 0x0eee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000eef0000 | 0x0eef0000 | 0x0eef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ef00000 | 0x0ef00000 | 0x0ef00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ef10000 | 0x0ef10000 | 0x0ef10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ef20000 | 0x0ef20000 | 0x0ef20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ef30000 | 0x0ef30000 | 0x0ef30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ef40000 | 0x0ef40000 | 0x0ef40fff | Private Memory | Readable, Writable, Executable | | | | |
| pagefile_0x000000000ef50000 | 0x0ef50000 | 0x0ef5efff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000000ef50000 | 0x0ef50000 | 0x0ef50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ef60000 | 0x0ef60000 | 0x0ef60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ef70000 | 0x0ef70000 | 0x0ef70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ef80000 | 0x0ef80000 | 0x0ef80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ef90000 | 0x0ef90000 | 0x0ef90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000efa0000 | 0x0efa0000 | 0x0efa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000efb0000 | 0x0efb0000 | 0x0efb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000efc0000 | 0x0efc0000 | 0x0efc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000efd0000 | 0x0efd0000 | 0x0efd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000efe0000 | 0x0efe0000 | 0x0efe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000eff0000 | 0x0eff0000 | 0x0eff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f000000 | 0x0f000000 | 0x0f000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f010000 | 0x0f010000 | 0x0f010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f020000 | 0x0f020000 | 0x0f020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f030000 | 0x0f030000 | 0x0f030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f040000 | 0x0f040000 | 0x0f040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f050000 | 0x0f050000 | 0x0f050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f060000 | 0x0f060000 | 0x0f060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f070000 | 0x0f070000 | 0x0f070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f080000 | 0x0f080000 | 0x0f080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f090000 | 0x0f090000 | 0x0f090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f0a0000 | 0x0f0a0000 | 0x0f0a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f0b0000 | 0x0f0b0000 | 0x0f0b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f0c0000 | 0x0f0c0000 | 0x0f0c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f0d0000 | 0x0f0d0000 | 0x0f0d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f0e0000 | 0x0f0e0000 | 0x0f0e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f0f0000 | 0x0f0f0000 | 0x0f0f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f100000 | 0x0f100000 | 0x0f100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f110000 | 0x0f110000 | 0x0f110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f120000 | 0x0f120000 | 0x0f120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f130000 | 0x0f130000 | 0x0f130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f140000 | 0x0f140000 | 0x0f140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f150000 | 0x0f150000 | 0x0f150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f160000 | 0x0f160000 | 0x0f160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f170000 | 0x0f170000 | 0x0f170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f180000 | 0x0f180000 | 0x0f180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f190000 | 0x0f190000 | 0x0f190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f1a0000 | 0x0f1a0000 | 0x0f1a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f1b0000 | 0x0f1b0000 | 0x0f1b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f1c0000 | 0x0f1c0000 | 0x0f1c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f1d0000 | 0x0f1d0000 | 0x0f1d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f1e0000 | 0x0f1e0000 | 0x0f1e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f1f0000 | 0x0f1f0000 | 0x0f1f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f200000 | 0x0f200000 | 0x0f200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f210000 | 0x0f210000 | 0x0f210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f220000 | 0x0f220000 | 0x0f220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f230000 | 0x0f230000 | 0x0f230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f240000 | 0x0f240000 | 0x0f240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f250000 | 0x0f250000 | 0x0f250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f260000 | 0x0f260000 | 0x0f260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f270000 | 0x0f270000 | 0x0f270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f280000 | 0x0f280000 | 0x0f280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f290000 | 0x0f290000 | 0x0f290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f2a0000 | 0x0f2a0000 | 0x0f2a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f2b0000 | 0x0f2b0000 | 0x0f2b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f2c0000 | 0x0f2c0000 | 0x0f2c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f2d0000 | 0x0f2d0000 | 0x0f2d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f2e0000 | 0x0f2e0000 | 0x0f2e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f2f0000 | 0x0f2f0000 | 0x0f2f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f300000 | 0x0f300000 | 0x0f300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f310000 | 0x0f310000 | 0x0f310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f320000 | 0x0f320000 | 0x0f320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f330000 | 0x0f330000 | 0x0f330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f340000 | 0x0f340000 | 0x0f340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f350000 | 0x0f350000 | 0x0f350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f360000 | 0x0f360000 | 0x0f360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f370000 | 0x0f370000 | 0x0f370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f380000 | 0x0f380000 | 0x0f380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f390000 | 0x0f390000 | 0x0f390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f3a0000 | 0x0f3a0000 | 0x0f3a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f3b0000 | 0x0f3b0000 | 0x0f3b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f3c0000 | 0x0f3c0000 | 0x0f3c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f3d0000 | 0x0f3d0000 | 0x0f3d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f3e0000 | 0x0f3e0000 | 0x0f3e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f3f0000 | 0x0f3f0000 | 0x0f3f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f400000 | 0x0f400000 | 0x0f400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f410000 | 0x0f410000 | 0x0f410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f420000 | 0x0f420000 | 0x0f420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f430000 | 0x0f430000 | 0x0f430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f440000 | 0x0f440000 | 0x0f440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f450000 | 0x0f450000 | 0x0f450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f460000 | 0x0f460000 | 0x0f460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f470000 | 0x0f470000 | 0x0f470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f480000 | 0x0f480000 | 0x0f480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f490000 | 0x0f490000 | 0x0f490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f4a0000 | 0x0f4a0000 | 0x0f4a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f4b0000 | 0x0f4b0000 | 0x0f4b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f4c0000 | 0x0f4c0000 | 0x0f4c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f4d0000 | 0x0f4d0000 | 0x0f4d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f4e0000 | 0x0f4e0000 | 0x0f4e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f4f0000 | 0x0f4f0000 | 0x0f4f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f500000 | 0x0f500000 | 0x0f500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f510000 | 0x0f510000 | 0x0f510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f520000 | 0x0f520000 | 0x0f520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f530000 | 0x0f530000 | 0x0f530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f540000 | 0x0f540000 | 0x0f540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f550000 | 0x0f550000 | 0x0f550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f560000 | 0x0f560000 | 0x0f560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f570000 | 0x0f570000 | 0x0f570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f580000 | 0x0f580000 | 0x0f580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f590000 | 0x0f590000 | 0x0f590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f5a0000 | 0x0f5a0000 | 0x0f5a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f5b0000 | 0x0f5b0000 | 0x0f5b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f5c0000 | 0x0f5c0000 | 0x0f5c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f5d0000 | 0x0f5d0000 | 0x0f5d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f5e0000 | 0x0f5e0000 | 0x0f5e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f5f0000 | 0x0f5f0000 | 0x0f5f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f600000 | 0x0f600000 | 0x0f600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f610000 | 0x0f610000 | 0x0f610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f620000 | 0x0f620000 | 0x0f620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f630000 | 0x0f630000 | 0x0f630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f640000 | 0x0f640000 | 0x0f640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f650000 | 0x0f650000 | 0x0f650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f660000 | 0x0f660000 | 0x0f660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f670000 | 0x0f670000 | 0x0f670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f680000 | 0x0f680000 | 0x0f680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f690000 | 0x0f690000 | 0x0f690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f6a0000 | 0x0f6a0000 | 0x0f6a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f6b0000 | 0x0f6b0000 | 0x0f6b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f6c0000 | 0x0f6c0000 | 0x0f6c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f6d0000 | 0x0f6d0000 | 0x0f6d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f6e0000 | 0x0f6e0000 | 0x0f6e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f6f0000 | 0x0f6f0000 | 0x0f6f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f700000 | 0x0f700000 | 0x0f700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f710000 | 0x0f710000 | 0x0f710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f720000 | 0x0f720000 | 0x0f720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f730000 | 0x0f730000 | 0x0f730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f740000 | 0x0f740000 | 0x0f740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f750000 | 0x0f750000 | 0x0f750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f760000 | 0x0f760000 | 0x0f760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f770000 | 0x0f770000 | 0x0f770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f780000 | 0x0f780000 | 0x0f780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f790000 | 0x0f790000 | 0x0f790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f7a0000 | 0x0f7a0000 | 0x0f7a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f7b0000 | 0x0f7b0000 | 0x0f7b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f7c0000 | 0x0f7c0000 | 0x0f7c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f7d0000 | 0x0f7d0000 | 0x0f7d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f7e0000 | 0x0f7e0000 | 0x0f7e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f7f0000 | 0x0f7f0000 | 0x0f7f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f800000 | 0x0f800000 | 0x0f800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f810000 | 0x0f810000 | 0x0f810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f820000 | 0x0f820000 | 0x0f820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f830000 | 0x0f830000 | 0x0f830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f840000 | 0x0f840000 | 0x0f840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f850000 | 0x0f850000 | 0x0f850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f860000 | 0x0f860000 | 0x0f860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f870000 | 0x0f870000 | 0x0f870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f880000 | 0x0f880000 | 0x0f880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f890000 | 0x0f890000 | 0x0f890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f8a0000 | 0x0f8a0000 | 0x0f8a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f8b0000 | 0x0f8b0000 | 0x0f8b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f8c0000 | 0x0f8c0000 | 0x0f8c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f8d0000 | 0x0f8d0000 | 0x0f8d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f8e0000 | 0x0f8e0000 | 0x0f8e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f8f0000 | 0x0f8f0000 | 0x0f8f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f900000 | 0x0f900000 | 0x0f900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f910000 | 0x0f910000 | 0x0f910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f920000 | 0x0f920000 | 0x0f920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f930000 | 0x0f930000 | 0x0f930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f940000 | 0x0f940000 | 0x0f940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f950000 | 0x0f950000 | 0x0f950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f960000 | 0x0f960000 | 0x0f960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f970000 | 0x0f970000 | 0x0f970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f980000 | 0x0f980000 | 0x0f980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f990000 | 0x0f990000 | 0x0f990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f9a0000 | 0x0f9a0000 | 0x0f9a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f9b0000 | 0x0f9b0000 | 0x0f9b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f9c0000 | 0x0f9c0000 | 0x0f9c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f9d0000 | 0x0f9d0000 | 0x0f9d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f9e0000 | 0x0f9e0000 | 0x0f9e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000f9f0000 | 0x0f9f0000 | 0x0f9f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fa00000 | 0x0fa00000 | 0x0fa00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fa10000 | 0x0fa10000 | 0x0fa10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fa20000 | 0x0fa20000 | 0x0fa20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fa30000 | 0x0fa30000 | 0x0fa30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fa40000 | 0x0fa40000 | 0x0fa40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fa50000 | 0x0fa50000 | 0x0fa50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fa60000 | 0x0fa60000 | 0x0fa60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fa70000 | 0x0fa70000 | 0x0fa70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fa80000 | 0x0fa80000 | 0x0fa80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fa90000 | 0x0fa90000 | 0x0fa90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000faa0000 | 0x0faa0000 | 0x0faa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fab0000 | 0x0fab0000 | 0x0fab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fac0000 | 0x0fac0000 | 0x0fac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fad0000 | 0x0fad0000 | 0x0fad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fae0000 | 0x0fae0000 | 0x0fae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000faf0000 | 0x0faf0000 | 0x0faf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fb00000 | 0x0fb00000 | 0x0fb00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fb10000 | 0x0fb10000 | 0x0fb10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fb20000 | 0x0fb20000 | 0x0fb20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fb30000 | 0x0fb30000 | 0x0fb30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fb40000 | 0x0fb40000 | 0x0fb40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fb50000 | 0x0fb50000 | 0x0fb50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fb60000 | 0x0fb60000 | 0x0fb60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fb70000 | 0x0fb70000 | 0x0fb70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fb80000 | 0x0fb80000 | 0x0fb80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fb90000 | 0x0fb90000 | 0x0fb90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fba0000 | 0x0fba0000 | 0x0fba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fbb0000 | 0x0fbb0000 | 0x0fbb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fbc0000 | 0x0fbc0000 | 0x0fbc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fbd0000 | 0x0fbd0000 | 0x0fbd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fbe0000 | 0x0fbe0000 | 0x0fbe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fbf0000 | 0x0fbf0000 | 0x0fbf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fc00000 | 0x0fc00000 | 0x0fc00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fc10000 | 0x0fc10000 | 0x0fc10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fc20000 | 0x0fc20000 | 0x0fc20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fc30000 | 0x0fc30000 | 0x0fc30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fc40000 | 0x0fc40000 | 0x0fc40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fc50000 | 0x0fc50000 | 0x0fc50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fc60000 | 0x0fc60000 | 0x0fc60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fc70000 | 0x0fc70000 | 0x0fc70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fc80000 | 0x0fc80000 | 0x0fc80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fc90000 | 0x0fc90000 | 0x0fc90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fca0000 | 0x0fca0000 | 0x0fca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fcb0000 | 0x0fcb0000 | 0x0fcb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fcc0000 | 0x0fcc0000 | 0x0fcc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fcd0000 | 0x0fcd0000 | 0x0fcd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fce0000 | 0x0fce0000 | 0x0fce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fcf0000 | 0x0fcf0000 | 0x0fcf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fd00000 | 0x0fd00000 | 0x0fd00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fd10000 | 0x0fd10000 | 0x0fd10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fd20000 | 0x0fd20000 | 0x0fd20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fd30000 | 0x0fd30000 | 0x0fd30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fd40000 | 0x0fd40000 | 0x0fd40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fd50000 | 0x0fd50000 | 0x0fd50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fd60000 | 0x0fd60000 | 0x0fd60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fd70000 | 0x0fd70000 | 0x0fd70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fd80000 | 0x0fd80000 | 0x0fd80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fd90000 | 0x0fd90000 | 0x0fd90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fda0000 | 0x0fda0000 | 0x0fda0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fdb0000 | 0x0fdb0000 | 0x0fdb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fdc0000 | 0x0fdc0000 | 0x0fdc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fdd0000 | 0x0fdd0000 | 0x0fdd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fde0000 | 0x0fde0000 | 0x0fde0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fdf0000 | 0x0fdf0000 | 0x0fdf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fe00000 | 0x0fe00000 | 0x0fe00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fe10000 | 0x0fe10000 | 0x0fe10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fe20000 | 0x0fe20000 | 0x0fe20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fe30000 | 0x0fe30000 | 0x0fe30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fe40000 | 0x0fe40000 | 0x0fe40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fe50000 | 0x0fe50000 | 0x0fe50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fe60000 | 0x0fe60000 | 0x0fe60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fe70000 | 0x0fe70000 | 0x0fe70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fe80000 | 0x0fe80000 | 0x0fe80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fe90000 | 0x0fe90000 | 0x0fe90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fea0000 | 0x0fea0000 | 0x0fea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000feb0000 | 0x0feb0000 | 0x0feb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fec0000 | 0x0fec0000 | 0x0fec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fed0000 | 0x0fed0000 | 0x0fed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fee0000 | 0x0fee0000 | 0x0fee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fef0000 | 0x0fef0000 | 0x0fef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ff00000 | 0x0ff00000 | 0x0ff00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ff10000 | 0x0ff10000 | 0x0ff10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ff20000 | 0x0ff20000 | 0x0ff20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ff30000 | 0x0ff30000 | 0x0ff30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ff40000 | 0x0ff40000 | 0x0ff40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ff50000 | 0x0ff50000 | 0x0ff50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ff60000 | 0x0ff60000 | 0x0ff60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ff70000 | 0x0ff70000 | 0x0ff70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ff80000 | 0x0ff80000 | 0x0ff80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ff90000 | 0x0ff90000 | 0x0ff90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ffa0000 | 0x0ffa0000 | 0x0ffa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ffb0000 | 0x0ffb0000 | 0x0ffb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ffc0000 | 0x0ffc0000 | 0x0ffc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ffd0000 | 0x0ffd0000 | 0x0ffd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ffe0000 | 0x0ffe0000 | 0x0ffe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000fff0000 | 0x0fff0000 | 0x0fff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010000000 | 0x10000000 | 0x10000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010010000 | 0x10010000 | 0x10010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010020000 | 0x10020000 | 0x10020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010030000 | 0x10030000 | 0x10030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010040000 | 0x10040000 | 0x10040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010050000 | 0x10050000 | 0x10050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010060000 | 0x10060000 | 0x10060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010070000 | 0x10070000 | 0x10070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010080000 | 0x10080000 | 0x10080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010090000 | 0x10090000 | 0x10090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000100a0000 | 0x100a0000 | 0x100a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000100b0000 | 0x100b0000 | 0x100b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000100c0000 | 0x100c0000 | 0x100c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000100d0000 | 0x100d0000 | 0x100d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000100e0000 | 0x100e0000 | 0x100e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000100f0000 | 0x100f0000 | 0x100f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010100000 | 0x10100000 | 0x10100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010110000 | 0x10110000 | 0x10110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010120000 | 0x10120000 | 0x10120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010130000 | 0x10130000 | 0x10130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010140000 | 0x10140000 | 0x10140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010150000 | 0x10150000 | 0x10150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010160000 | 0x10160000 | 0x10160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010170000 | 0x10170000 | 0x10170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010180000 | 0x10180000 | 0x10180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010190000 | 0x10190000 | 0x10190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000101a0000 | 0x101a0000 | 0x101a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000101b0000 | 0x101b0000 | 0x101b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000101c0000 | 0x101c0000 | 0x101c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000101d0000 | 0x101d0000 | 0x101d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000101e0000 | 0x101e0000 | 0x101e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000101f0000 | 0x101f0000 | 0x101f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010200000 | 0x10200000 | 0x10200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010210000 | 0x10210000 | 0x10210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010220000 | 0x10220000 | 0x10220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010230000 | 0x10230000 | 0x10230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010240000 | 0x10240000 | 0x10240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010250000 | 0x10250000 | 0x10250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010260000 | 0x10260000 | 0x10260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010270000 | 0x10270000 | 0x10270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010280000 | 0x10280000 | 0x10280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010290000 | 0x10290000 | 0x10290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000102a0000 | 0x102a0000 | 0x102a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000102b0000 | 0x102b0000 | 0x102b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000102c0000 | 0x102c0000 | 0x102c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000102d0000 | 0x102d0000 | 0x102d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000102e0000 | 0x102e0000 | 0x102e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000102f0000 | 0x102f0000 | 0x102f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010300000 | 0x10300000 | 0x10300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010310000 | 0x10310000 | 0x10310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010320000 | 0x10320000 | 0x10320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010330000 | 0x10330000 | 0x10330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010340000 | 0x10340000 | 0x10340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010350000 | 0x10350000 | 0x10350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010360000 | 0x10360000 | 0x10360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010370000 | 0x10370000 | 0x10370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010380000 | 0x10380000 | 0x10380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010390000 | 0x10390000 | 0x10390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000103a0000 | 0x103a0000 | 0x103a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000103b0000 | 0x103b0000 | 0x103b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000103c0000 | 0x103c0000 | 0x103c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000103d0000 | 0x103d0000 | 0x103d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000103e0000 | 0x103e0000 | 0x103e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000103f0000 | 0x103f0000 | 0x103f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010400000 | 0x10400000 | 0x10400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010470000 | 0x10470000 | 0x10470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010480000 | 0x10480000 | 0x10480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010490000 | 0x10490000 | 0x10490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000104a0000 | 0x104a0000 | 0x104a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000104b0000 | 0x104b0000 | 0x104b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000104c0000 | 0x104c0000 | 0x104c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000104d0000 | 0x104d0000 | 0x104d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000104e0000 | 0x104e0000 | 0x104e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000104f0000 | 0x104f0000 | 0x104f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010500000 | 0x10500000 | 0x10500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010510000 | 0x10510000 | 0x10510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010520000 | 0x10520000 | 0x10520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010530000 | 0x10530000 | 0x10530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010540000 | 0x10540000 | 0x10540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010550000 | 0x10550000 | 0x10550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010560000 | 0x10560000 | 0x10560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010570000 | 0x10570000 | 0x10570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010580000 | 0x10580000 | 0x10580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010590000 | 0x10590000 | 0x10590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000105a0000 | 0x105a0000 | 0x105a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000105b0000 | 0x105b0000 | 0x105b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000105c0000 | 0x105c0000 | 0x105c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000105d0000 | 0x105d0000 | 0x105d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000105e0000 | 0x105e0000 | 0x105e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000105f0000 | 0x105f0000 | 0x105f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010600000 | 0x10600000 | 0x10600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010610000 | 0x10610000 | 0x10610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010620000 | 0x10620000 | 0x10620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010630000 | 0x10630000 | 0x10630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010640000 | 0x10640000 | 0x10640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010650000 | 0x10650000 | 0x10650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010660000 | 0x10660000 | 0x10660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010670000 | 0x10670000 | 0x10670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010680000 | 0x10680000 | 0x10680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010690000 | 0x10690000 | 0x10690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000106a0000 | 0x106a0000 | 0x106a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000106b0000 | 0x106b0000 | 0x106b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000106c0000 | 0x106c0000 | 0x106c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000106d0000 | 0x106d0000 | 0x106d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000106e0000 | 0x106e0000 | 0x106e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000106f0000 | 0x106f0000 | 0x106f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010700000 | 0x10700000 | 0x10700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010710000 | 0x10710000 | 0x10710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010720000 | 0x10720000 | 0x10720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010730000 | 0x10730000 | 0x10730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010740000 | 0x10740000 | 0x10740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010750000 | 0x10750000 | 0x10750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010760000 | 0x10760000 | 0x10760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010770000 | 0x10770000 | 0x10770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010780000 | 0x10780000 | 0x10780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010790000 | 0x10790000 | 0x10790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000107a0000 | 0x107a0000 | 0x107a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000107b0000 | 0x107b0000 | 0x107b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000107c0000 | 0x107c0000 | 0x107c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000107d0000 | 0x107d0000 | 0x107d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000107e0000 | 0x107e0000 | 0x107e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000107f0000 | 0x107f0000 | 0x107f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010800000 | 0x10800000 | 0x10800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010810000 | 0x10810000 | 0x10810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010820000 | 0x10820000 | 0x10820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010830000 | 0x10830000 | 0x10830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010840000 | 0x10840000 | 0x10840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010850000 | 0x10850000 | 0x10850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010860000 | 0x10860000 | 0x10860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010870000 | 0x10870000 | 0x10870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010880000 | 0x10880000 | 0x10880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010890000 | 0x10890000 | 0x10890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000108a0000 | 0x108a0000 | 0x108a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000108b0000 | 0x108b0000 | 0x108b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000108c0000 | 0x108c0000 | 0x108c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000108d0000 | 0x108d0000 | 0x108d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000108e0000 | 0x108e0000 | 0x108e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000108f0000 | 0x108f0000 | 0x108f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010900000 | 0x10900000 | 0x10900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010910000 | 0x10910000 | 0x10910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010920000 | 0x10920000 | 0x10920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010930000 | 0x10930000 | 0x10930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010940000 | 0x10940000 | 0x10940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010950000 | 0x10950000 | 0x10950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010960000 | 0x10960000 | 0x10960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010970000 | 0x10970000 | 0x10970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010980000 | 0x10980000 | 0x10980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010990000 | 0x10990000 | 0x10990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000109a0000 | 0x109a0000 | 0x109a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000109b0000 | 0x109b0000 | 0x109b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000109c0000 | 0x109c0000 | 0x109c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000109d0000 | 0x109d0000 | 0x109d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000109e0000 | 0x109e0000 | 0x109e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000109f0000 | 0x109f0000 | 0x109f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010a00000 | 0x10a00000 | 0x10a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010a10000 | 0x10a10000 | 0x10a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010a20000 | 0x10a20000 | 0x10a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010a30000 | 0x10a30000 | 0x10a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010a40000 | 0x10a40000 | 0x10a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010a50000 | 0x10a50000 | 0x10a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010a60000 | 0x10a60000 | 0x10a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010a70000 | 0x10a70000 | 0x10a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010a80000 | 0x10a80000 | 0x10a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010a90000 | 0x10a90000 | 0x10a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010aa0000 | 0x10aa0000 | 0x10aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010ab0000 | 0x10ab0000 | 0x10ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010ac0000 | 0x10ac0000 | 0x10ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010ad0000 | 0x10ad0000 | 0x10ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010ae0000 | 0x10ae0000 | 0x10ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010af0000 | 0x10af0000 | 0x10af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010b00000 | 0x10b00000 | 0x10b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010b10000 | 0x10b10000 | 0x10b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010b20000 | 0x10b20000 | 0x10b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010b30000 | 0x10b30000 | 0x10b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010b40000 | 0x10b40000 | 0x10b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010b50000 | 0x10b50000 | 0x10b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010b60000 | 0x10b60000 | 0x10b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010b70000 | 0x10b70000 | 0x10b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010b80000 | 0x10b80000 | 0x10b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010b90000 | 0x10b90000 | 0x10b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010ba0000 | 0x10ba0000 | 0x10ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010bb0000 | 0x10bb0000 | 0x10bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010bc0000 | 0x10bc0000 | 0x10bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010bd0000 | 0x10bd0000 | 0x10bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010be0000 | 0x10be0000 | 0x10be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010bf0000 | 0x10bf0000 | 0x10bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010c00000 | 0x10c00000 | 0x10c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010c10000 | 0x10c10000 | 0x10c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010c20000 | 0x10c20000 | 0x10c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010c30000 | 0x10c30000 | 0x10c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010c40000 | 0x10c40000 | 0x10c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010c50000 | 0x10c50000 | 0x10c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010c60000 | 0x10c60000 | 0x10c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010c70000 | 0x10c70000 | 0x10c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010c80000 | 0x10c80000 | 0x10c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010c90000 | 0x10c90000 | 0x10c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010ca0000 | 0x10ca0000 | 0x10ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010cb0000 | 0x10cb0000 | 0x10cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010cc0000 | 0x10cc0000 | 0x10cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010cd0000 | 0x10cd0000 | 0x10cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010ce0000 | 0x10ce0000 | 0x10ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010cf0000 | 0x10cf0000 | 0x10cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010d00000 | 0x10d00000 | 0x10d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010d10000 | 0x10d10000 | 0x10d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010d20000 | 0x10d20000 | 0x10d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010d30000 | 0x10d30000 | 0x10d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010d40000 | 0x10d40000 | 0x10d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010d50000 | 0x10d50000 | 0x10d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010d60000 | 0x10d60000 | 0x10d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010d70000 | 0x10d70000 | 0x10d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010d80000 | 0x10d80000 | 0x10d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010d90000 | 0x10d90000 | 0x10d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010da0000 | 0x10da0000 | 0x10da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010db0000 | 0x10db0000 | 0x10db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010dc0000 | 0x10dc0000 | 0x10dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010dd0000 | 0x10dd0000 | 0x10dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010de0000 | 0x10de0000 | 0x10de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010df0000 | 0x10df0000 | 0x10df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010e00000 | 0x10e00000 | 0x10e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010e10000 | 0x10e10000 | 0x10e12fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000010e10000 | 0x10e10000 | 0x10e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010e20000 | 0x10e20000 | 0x10e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010e30000 | 0x10e30000 | 0x10e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010e40000 | 0x10e40000 | 0x10e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010e50000 | 0x10e50000 | 0x10e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010e60000 | 0x10e60000 | 0x10e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010e70000 | 0x10e70000 | 0x10e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010e80000 | 0x10e80000 | 0x10e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010e90000 | 0x10e90000 | 0x10e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010ea0000 | 0x10ea0000 | 0x10ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010eb0000 | 0x10eb0000 | 0x10eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010ec0000 | 0x10ec0000 | 0x10ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010ed0000 | 0x10ed0000 | 0x10ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010ee0000 | 0x10ee0000 | 0x10ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010ef0000 | 0x10ef0000 | 0x10ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010f00000 | 0x10f00000 | 0x10f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010f10000 | 0x10f10000 | 0x10f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010f20000 | 0x10f20000 | 0x10f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010f30000 | 0x10f30000 | 0x10f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010f40000 | 0x10f40000 | 0x10f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010f50000 | 0x10f50000 | 0x10f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010f60000 | 0x10f60000 | 0x10f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010f70000 | 0x10f70000 | 0x10f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010f80000 | 0x10f80000 | 0x10f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010f90000 | 0x10f90000 | 0x10f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010fa0000 | 0x10fa0000 | 0x10fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010fb0000 | 0x10fb0000 | 0x10fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010fc0000 | 0x10fc0000 | 0x10fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010fd0000 | 0x10fd0000 | 0x10fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010fe0000 | 0x10fe0000 | 0x10fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010ff0000 | 0x10ff0000 | 0x10ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011000000 | 0x11000000 | 0x11000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011010000 | 0x11010000 | 0x11010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011020000 | 0x11020000 | 0x11020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011030000 | 0x11030000 | 0x11030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011040000 | 0x11040000 | 0x11040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011050000 | 0x11050000 | 0x11050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011060000 | 0x11060000 | 0x11060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011070000 | 0x11070000 | 0x11070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011080000 | 0x11080000 | 0x11080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011090000 | 0x11090000 | 0x11090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000110a0000 | 0x110a0000 | 0x110a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000110b0000 | 0x110b0000 | 0x110b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000110c0000 | 0x110c0000 | 0x110c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000110d0000 | 0x110d0000 | 0x110d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000110e0000 | 0x110e0000 | 0x110e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000110f0000 | 0x110f0000 | 0x110f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011100000 | 0x11100000 | 0x11100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011110000 | 0x11110000 | 0x11110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011120000 | 0x11120000 | 0x11120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011130000 | 0x11130000 | 0x11130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011140000 | 0x11140000 | 0x11140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011150000 | 0x11150000 | 0x11150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011160000 | 0x11160000 | 0x11160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011170000 | 0x11170000 | 0x11170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011180000 | 0x11180000 | 0x11180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011190000 | 0x11190000 | 0x11190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000111a0000 | 0x111a0000 | 0x111a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000111b0000 | 0x111b0000 | 0x111b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000111c0000 | 0x111c0000 | 0x111c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000111d0000 | 0x111d0000 | 0x111d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000111e0000 | 0x111e0000 | 0x111e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000111f0000 | 0x111f0000 | 0x111f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011200000 | 0x11200000 | 0x11200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011210000 | 0x11210000 | 0x11210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011220000 | 0x11220000 | 0x11220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011230000 | 0x11230000 | 0x11230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011240000 | 0x11240000 | 0x11240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011250000 | 0x11250000 | 0x11250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011260000 | 0x11260000 | 0x11260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011270000 | 0x11270000 | 0x11270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011280000 | 0x11280000 | 0x11280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011290000 | 0x11290000 | 0x11290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000112a0000 | 0x112a0000 | 0x112a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000112b0000 | 0x112b0000 | 0x112b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000112c0000 | 0x112c0000 | 0x112c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000112d0000 | 0x112d0000 | 0x112d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000112e0000 | 0x112e0000 | 0x112e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000112f0000 | 0x112f0000 | 0x112f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011300000 | 0x11300000 | 0x11300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011310000 | 0x11310000 | 0x11310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011320000 | 0x11320000 | 0x11320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011330000 | 0x11330000 | 0x11330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011340000 | 0x11340000 | 0x11340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011350000 | 0x11350000 | 0x11350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011360000 | 0x11360000 | 0x11360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011370000 | 0x11370000 | 0x11370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011380000 | 0x11380000 | 0x11380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011390000 | 0x11390000 | 0x11390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000113a0000 | 0x113a0000 | 0x113a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000113b0000 | 0x113b0000 | 0x113b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000113c0000 | 0x113c0000 | 0x113c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000113d0000 | 0x113d0000 | 0x113d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000113e0000 | 0x113e0000 | 0x113e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000113f0000 | 0x113f0000 | 0x113f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011400000 | 0x11400000 | 0x11400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011410000 | 0x11410000 | 0x11410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011420000 | 0x11420000 | 0x11420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011430000 | 0x11430000 | 0x11430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011440000 | 0x11440000 | 0x11440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011450000 | 0x11450000 | 0x11450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011460000 | 0x11460000 | 0x11460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011470000 | 0x11470000 | 0x11470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011480000 | 0x11480000 | 0x11480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011490000 | 0x11490000 | 0x11490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000114a0000 | 0x114a0000 | 0x114a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000114b0000 | 0x114b0000 | 0x114b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000114c0000 | 0x114c0000 | 0x114c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000114d0000 | 0x114d0000 | 0x114d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000114e0000 | 0x114e0000 | 0x114e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000114f0000 | 0x114f0000 | 0x114f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011500000 | 0x11500000 | 0x11500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011510000 | 0x11510000 | 0x11510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011520000 | 0x11520000 | 0x11520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011530000 | 0x11530000 | 0x11530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011540000 | 0x11540000 | 0x11540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011550000 | 0x11550000 | 0x11550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011560000 | 0x11560000 | 0x11560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011570000 | 0x11570000 | 0x11570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011580000 | 0x11580000 | 0x11580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011590000 | 0x11590000 | 0x11590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000115a0000 | 0x115a0000 | 0x115a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000115b0000 | 0x115b0000 | 0x115b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000115c0000 | 0x115c0000 | 0x115c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000115d0000 | 0x115d0000 | 0x115d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000115e0000 | 0x115e0000 | 0x115e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000115f0000 | 0x115f0000 | 0x115f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011600000 | 0x11600000 | 0x11600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011610000 | 0x11610000 | 0x11610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011620000 | 0x11620000 | 0x11620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011630000 | 0x11630000 | 0x11630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011640000 | 0x11640000 | 0x11640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011650000 | 0x11650000 | 0x11650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011660000 | 0x11660000 | 0x11660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011670000 | 0x11670000 | 0x11670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011680000 | 0x11680000 | 0x11680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011690000 | 0x11690000 | 0x11690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000116a0000 | 0x116a0000 | 0x116a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000116b0000 | 0x116b0000 | 0x116b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000116c0000 | 0x116c0000 | 0x116c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000116d0000 | 0x116d0000 | 0x116d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000116e0000 | 0x116e0000 | 0x116e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000116f0000 | 0x116f0000 | 0x116f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011700000 | 0x11700000 | 0x11700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011710000 | 0x11710000 | 0x11710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011720000 | 0x11720000 | 0x11720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011730000 | 0x11730000 | 0x11730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011740000 | 0x11740000 | 0x11740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011750000 | 0x11750000 | 0x11750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011760000 | 0x11760000 | 0x11760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011770000 | 0x11770000 | 0x11770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011780000 | 0x11780000 | 0x11780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011790000 | 0x11790000 | 0x11790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000117a0000 | 0x117a0000 | 0x117a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000117b0000 | 0x117b0000 | 0x117b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000117c0000 | 0x117c0000 | 0x117c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000117d0000 | 0x117d0000 | 0x117d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000117e0000 | 0x117e0000 | 0x117e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000117f0000 | 0x117f0000 | 0x117f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011800000 | 0x11800000 | 0x11800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011810000 | 0x11810000 | 0x11810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011820000 | 0x11820000 | 0x11820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011830000 | 0x11830000 | 0x11830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011840000 | 0x11840000 | 0x11840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011850000 | 0x11850000 | 0x11850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011860000 | 0x11860000 | 0x11860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011870000 | 0x11870000 | 0x11870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011880000 | 0x11880000 | 0x11880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011890000 | 0x11890000 | 0x11890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000118a0000 | 0x118a0000 | 0x118a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000118b0000 | 0x118b0000 | 0x118b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000118c0000 | 0x118c0000 | 0x118c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000118d0000 | 0x118d0000 | 0x118d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000118e0000 | 0x118e0000 | 0x118e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000118f0000 | 0x118f0000 | 0x118f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011900000 | 0x11900000 | 0x11900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011910000 | 0x11910000 | 0x11910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011920000 | 0x11920000 | 0x11920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011930000 | 0x11930000 | 0x11930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011940000 | 0x11940000 | 0x11940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011950000 | 0x11950000 | 0x11950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011960000 | 0x11960000 | 0x11960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011970000 | 0x11970000 | 0x11970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011980000 | 0x11980000 | 0x11980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011990000 | 0x11990000 | 0x11990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000119a0000 | 0x119a0000 | 0x119a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000119b0000 | 0x119b0000 | 0x119b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000119c0000 | 0x119c0000 | 0x119c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000119d0000 | 0x119d0000 | 0x119d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000119e0000 | 0x119e0000 | 0x119e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000119f0000 | 0x119f0000 | 0x119f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011a00000 | 0x11a00000 | 0x11a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011a10000 | 0x11a10000 | 0x11a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011a20000 | 0x11a20000 | 0x11a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011a30000 | 0x11a30000 | 0x11a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011a40000 | 0x11a40000 | 0x11a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011a50000 | 0x11a50000 | 0x11a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011a60000 | 0x11a60000 | 0x11a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011a70000 | 0x11a70000 | 0x11a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011a80000 | 0x11a80000 | 0x11a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011a90000 | 0x11a90000 | 0x11a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011aa0000 | 0x11aa0000 | 0x11aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011ab0000 | 0x11ab0000 | 0x11ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011ac0000 | 0x11ac0000 | 0x11ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011ad0000 | 0x11ad0000 | 0x11ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011ae0000 | 0x11ae0000 | 0x11ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011af0000 | 0x11af0000 | 0x11af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011b00000 | 0x11b00000 | 0x11b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011b10000 | 0x11b10000 | 0x11b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011b20000 | 0x11b20000 | 0x11b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011b30000 | 0x11b30000 | 0x11b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011b40000 | 0x11b40000 | 0x11b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011b50000 | 0x11b50000 | 0x11b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011b60000 | 0x11b60000 | 0x11b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011b70000 | 0x11b70000 | 0x11b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011b80000 | 0x11b80000 | 0x11b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011b90000 | 0x11b90000 | 0x11b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011ba0000 | 0x11ba0000 | 0x11ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011bb0000 | 0x11bb0000 | 0x11bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011bc0000 | 0x11bc0000 | 0x11bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011bd0000 | 0x11bd0000 | 0x11bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011be0000 | 0x11be0000 | 0x11be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011bf0000 | 0x11bf0000 | 0x11bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011c00000 | 0x11c00000 | 0x11c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011c10000 | 0x11c10000 | 0x11c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011c20000 | 0x11c20000 | 0x11c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011c30000 | 0x11c30000 | 0x11c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011c40000 | 0x11c40000 | 0x11c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011c50000 | 0x11c50000 | 0x11c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011c60000 | 0x11c60000 | 0x11c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011c70000 | 0x11c70000 | 0x11c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011c80000 | 0x11c80000 | 0x11c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011c90000 | 0x11c90000 | 0x11c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011ca0000 | 0x11ca0000 | 0x11ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011cb0000 | 0x11cb0000 | 0x11cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011cc0000 | 0x11cc0000 | 0x11cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011cd0000 | 0x11cd0000 | 0x11cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011ce0000 | 0x11ce0000 | 0x11ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011cf0000 | 0x11cf0000 | 0x11cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011d00000 | 0x11d00000 | 0x11d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011d10000 | 0x11d10000 | 0x11d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011d20000 | 0x11d20000 | 0x11d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011d30000 | 0x11d30000 | 0x11d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011d40000 | 0x11d40000 | 0x11d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011d50000 | 0x11d50000 | 0x11d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011d60000 | 0x11d60000 | 0x11d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011d70000 | 0x11d70000 | 0x11d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011d80000 | 0x11d80000 | 0x11d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011d90000 | 0x11d90000 | 0x11d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011da0000 | 0x11da0000 | 0x11da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011db0000 | 0x11db0000 | 0x11db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011dc0000 | 0x11dc0000 | 0x11dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011dd0000 | 0x11dd0000 | 0x11dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011de0000 | 0x11de0000 | 0x11de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011df0000 | 0x11df0000 | 0x11df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011e00000 | 0x11e00000 | 0x11e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011e10000 | 0x11e10000 | 0x11e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011e20000 | 0x11e20000 | 0x11e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011e30000 | 0x11e30000 | 0x11e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011e40000 | 0x11e40000 | 0x11e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011e50000 | 0x11e50000 | 0x11e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011e60000 | 0x11e60000 | 0x11e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011e70000 | 0x11e70000 | 0x11e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011e80000 | 0x11e80000 | 0x11e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011e90000 | 0x11e90000 | 0x11e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011ea0000 | 0x11ea0000 | 0x11ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011eb0000 | 0x11eb0000 | 0x11eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011ec0000 | 0x11ec0000 | 0x11ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011ed0000 | 0x11ed0000 | 0x11ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011ee0000 | 0x11ee0000 | 0x11ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011ef0000 | 0x11ef0000 | 0x11ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011f00000 | 0x11f00000 | 0x11f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011f10000 | 0x11f10000 | 0x11f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011f20000 | 0x11f20000 | 0x11f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011f30000 | 0x11f30000 | 0x11f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011f40000 | 0x11f40000 | 0x11f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011f50000 | 0x11f50000 | 0x11f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011f60000 | 0x11f60000 | 0x11f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011f70000 | 0x11f70000 | 0x11f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011f80000 | 0x11f80000 | 0x11f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011f90000 | 0x11f90000 | 0x11f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011fa0000 | 0x11fa0000 | 0x11fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011fb0000 | 0x11fb0000 | 0x11fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011fc0000 | 0x11fc0000 | 0x11fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011fd0000 | 0x11fd0000 | 0x11fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011fe0000 | 0x11fe0000 | 0x11fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000011ff0000 | 0x11ff0000 | 0x11ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012000000 | 0x12000000 | 0x12000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012010000 | 0x12010000 | 0x12010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012020000 | 0x12020000 | 0x12020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012030000 | 0x12030000 | 0x12030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012040000 | 0x12040000 | 0x12040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012050000 | 0x12050000 | 0x12050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012060000 | 0x12060000 | 0x12060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012070000 | 0x12070000 | 0x12070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012080000 | 0x12080000 | 0x12080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012090000 | 0x12090000 | 0x12090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000120a0000 | 0x120a0000 | 0x120a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000120b0000 | 0x120b0000 | 0x120b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000120c0000 | 0x120c0000 | 0x120c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000120d0000 | 0x120d0000 | 0x120d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000120e0000 | 0x120e0000 | 0x120e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000120f0000 | 0x120f0000 | 0x120f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012100000 | 0x12100000 | 0x12100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012110000 | 0x12110000 | 0x12110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012120000 | 0x12120000 | 0x12120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012130000 | 0x12130000 | 0x12130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012140000 | 0x12140000 | 0x12140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012150000 | 0x12150000 | 0x12150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012160000 | 0x12160000 | 0x12160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012170000 | 0x12170000 | 0x12170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012180000 | 0x12180000 | 0x12180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012190000 | 0x12190000 | 0x12190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000121a0000 | 0x121a0000 | 0x121a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000121b0000 | 0x121b0000 | 0x121b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000121c0000 | 0x121c0000 | 0x121c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000121d0000 | 0x121d0000 | 0x121d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000121e0000 | 0x121e0000 | 0x121e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000121f0000 | 0x121f0000 | 0x121f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012200000 | 0x12200000 | 0x12200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012210000 | 0x12210000 | 0x12210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012220000 | 0x12220000 | 0x12220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012230000 | 0x12230000 | 0x12230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012240000 | 0x12240000 | 0x12240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012250000 | 0x12250000 | 0x12250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012260000 | 0x12260000 | 0x12260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012270000 | 0x12270000 | 0x12270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012280000 | 0x12280000 | 0x12280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012290000 | 0x12290000 | 0x12290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000122a0000 | 0x122a0000 | 0x122a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000122b0000 | 0x122b0000 | 0x122b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000122c0000 | 0x122c0000 | 0x122c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000122d0000 | 0x122d0000 | 0x122d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000122e0000 | 0x122e0000 | 0x122e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000122f0000 | 0x122f0000 | 0x122f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012300000 | 0x12300000 | 0x12300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012310000 | 0x12310000 | 0x12310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012320000 | 0x12320000 | 0x12320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012330000 | 0x12330000 | 0x12330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012340000 | 0x12340000 | 0x12340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012350000 | 0x12350000 | 0x12350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012360000 | 0x12360000 | 0x12360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012370000 | 0x12370000 | 0x12370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012380000 | 0x12380000 | 0x12380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012390000 | 0x12390000 | 0x12390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000123a0000 | 0x123a0000 | 0x123a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000123b0000 | 0x123b0000 | 0x123b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000123c0000 | 0x123c0000 | 0x123c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000123d0000 | 0x123d0000 | 0x123d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000123e0000 | 0x123e0000 | 0x123e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000123f0000 | 0x123f0000 | 0x123f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012400000 | 0x12400000 | 0x12400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012410000 | 0x12410000 | 0x12410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012420000 | 0x12420000 | 0x12420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012430000 | 0x12430000 | 0x12430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012440000 | 0x12440000 | 0x12440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012450000 | 0x12450000 | 0x12450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012460000 | 0x12460000 | 0x12460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012470000 | 0x12470000 | 0x12470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012480000 | 0x12480000 | 0x12480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012490000 | 0x12490000 | 0x12490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000124a0000 | 0x124a0000 | 0x124a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000124b0000 | 0x124b0000 | 0x124b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000124c0000 | 0x124c0000 | 0x124c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000124d0000 | 0x124d0000 | 0x124d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000124e0000 | 0x124e0000 | 0x124e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000124f0000 | 0x124f0000 | 0x124f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012500000 | 0x12500000 | 0x12500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012510000 | 0x12510000 | 0x12510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012520000 | 0x12520000 | 0x12520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012530000 | 0x12530000 | 0x12530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012540000 | 0x12540000 | 0x12540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012550000 | 0x12550000 | 0x12550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012560000 | 0x12560000 | 0x12560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012570000 | 0x12570000 | 0x12570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012580000 | 0x12580000 | 0x12580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012590000 | 0x12590000 | 0x12590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000125a0000 | 0x125a0000 | 0x125a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000125b0000 | 0x125b0000 | 0x125b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000125c0000 | 0x125c0000 | 0x125c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000125d0000 | 0x125d0000 | 0x125d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000125e0000 | 0x125e0000 | 0x125e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000125f0000 | 0x125f0000 | 0x125f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012600000 | 0x12600000 | 0x12600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012610000 | 0x12610000 | 0x12610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012620000 | 0x12620000 | 0x12620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012630000 | 0x12630000 | 0x12630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012640000 | 0x12640000 | 0x12640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012650000 | 0x12650000 | 0x12650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012660000 | 0x12660000 | 0x12660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012670000 | 0x12670000 | 0x12670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012680000 | 0x12680000 | 0x12680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012690000 | 0x12690000 | 0x12690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000126a0000 | 0x126a0000 | 0x126a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000126b0000 | 0x126b0000 | 0x126b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000126c0000 | 0x126c0000 | 0x126c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000126d0000 | 0x126d0000 | 0x126d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000126e0000 | 0x126e0000 | 0x126e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000126f0000 | 0x126f0000 | 0x126f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012700000 | 0x12700000 | 0x12700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012710000 | 0x12710000 | 0x12710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012720000 | 0x12720000 | 0x12720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012730000 | 0x12730000 | 0x12730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012740000 | 0x12740000 | 0x12740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012750000 | 0x12750000 | 0x12750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012760000 | 0x12760000 | 0x12760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012770000 | 0x12770000 | 0x12770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012780000 | 0x12780000 | 0x12780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012790000 | 0x12790000 | 0x12790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000127a0000 | 0x127a0000 | 0x127a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000127b0000 | 0x127b0000 | 0x127b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000127c0000 | 0x127c0000 | 0x127c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000127d0000 | 0x127d0000 | 0x127d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000127e0000 | 0x127e0000 | 0x127e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000127f0000 | 0x127f0000 | 0x127f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012800000 | 0x12800000 | 0x12800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012810000 | 0x12810000 | 0x12810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012820000 | 0x12820000 | 0x12820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012830000 | 0x12830000 | 0x12830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012840000 | 0x12840000 | 0x12840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012850000 | 0x12850000 | 0x12850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000012860000 | 0x12860000 | 0x12860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| pagefile_0x00007df5ff020000 | 0x7df5ff020000 | 0x7ff5ff01ffff | Pagefile Backed Memory | - | | | | |
| ntoskrnl.exe | 0x7ff6bbc00000 | 0x7ff6bc451fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x00007ff6e442e000 | 0x7ff6e442e000 | 0x7ff6e442ffff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4430000 | 0x7ff6e4430000 | 0x7ff6e4431fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4432000 | 0x7ff6e4432000 | 0x7ff6e4433fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4434000 | 0x7ff6e4434000 | 0x7ff6e4435fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4436000 | 0x7ff6e4436000 | 0x7ff6e4437fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4438000 | 0x7ff6e4438000 | 0x7ff6e4439fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e443a000 | 0x7ff6e443a000 | 0x7ff6e443bfff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4440000 | 0x7ff6e4440000 | 0x7ff6e4441fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4442000 | 0x7ff6e4442000 | 0x7ff6e4443fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4444000 | 0x7ff6e4444000 | 0x7ff6e4445fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4448000 | 0x7ff6e4448000 | 0x7ff6e4449fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e444a000 | 0x7ff6e444a000 | 0x7ff6e444bfff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e444c000 | 0x7ff6e444c000 | 0x7ff6e444dfff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e444e000 | 0x7ff6e444e000 | 0x7ff6e444ffff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4450000 | 0x7ff6e4450000 | 0x7ff6e4451fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4452000 | 0x7ff6e4452000 | 0x7ff6e4453fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4454000 | 0x7ff6e4454000 | 0x7ff6e4455fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4456000 | 0x7ff6e4456000 | 0x7ff6e4457fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4458000 | 0x7ff6e4458000 | 0x7ff6e4459fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e445a000 | 0x7ff6e445a000 | 0x7ff6e445bfff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e445c000 | 0x7ff6e445c000 | 0x7ff6e445dfff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e445e000 | 0x7ff6e445e000 | 0x7ff6e445ffff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4460000 | 0x7ff6e4460000 | 0x7ff6e4461fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4462000 | 0x7ff6e4462000 | 0x7ff6e4463fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4464000 | 0x7ff6e4464000 | 0x7ff6e4465fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4466000 | 0x7ff6e4466000 | 0x7ff6e4467fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4468000 | 0x7ff6e4468000 | 0x7ff6e4469fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e446a000 | 0x7ff6e446a000 | 0x7ff6e446bfff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e446c000 | 0x7ff6e446c000 | 0x7ff6e446dfff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e446f000 | 0x7ff6e446f000 | 0x7ff6e4470fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4472000 | 0x7ff6e4472000 | 0x7ff6e4473fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4474000 | 0x7ff6e4474000 | 0x7ff6e4475fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4476000 | 0x7ff6e4476000 | 0x7ff6e4477fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4478000 | 0x7ff6e4478000 | 0x7ff6e4479fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e447a000 | 0x7ff6e447a000 | 0x7ff6e447bfff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e447c000 | 0x7ff6e447c000 | 0x7ff6e447dfff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e447e000 | 0x7ff6e447e000 | 0x7ff6e447ffff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4480000 | 0x7ff6e4480000 | 0x7ff6e4481fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4482000 | 0x7ff6e4482000 | 0x7ff6e4483fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4484000 | 0x7ff6e4484000 | 0x7ff6e4485fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4486000 | 0x7ff6e4486000 | 0x7ff6e4487fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4488000 | 0x7ff6e4488000 | 0x7ff6e4489fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e448a000 | 0x7ff6e448a000 | 0x7ff6e448bfff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e448c000 | 0x7ff6e448c000 | 0x7ff6e448dfff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e448e000 | 0x7ff6e448e000 | 0x7ff6e448ffff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4490000 | 0x7ff6e4490000 | 0x7ff6e4491fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4492000 | 0x7ff6e4492000 | 0x7ff6e4493fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4494000 | 0x7ff6e4494000 | 0x7ff6e4495fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4496000 | 0x7ff6e4496000 | 0x7ff6e4497fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e4498000 | 0x7ff6e4498000 | 0x7ff6e4499fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e449a000 | 0x7ff6e449a000 | 0x7ff6e449bfff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e449c000 | 0x7ff6e449c000 | 0x7ff6e449dfff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e449e000 | 0x7ff6e449e000 | 0x7ff6e449ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007ff6e44a0000 | 0x7ff6e44a0000 | 0x7ff6e459ffff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x00007ff6e45a0000 | 0x7ff6e45a0000 | 0x7ff6e45c2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff6e45c4000 | 0x7ff6e45c4000 | 0x7ff6e45c5fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e45c6000 | 0x7ff6e45c6000 | 0x7ff6e45c7fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e45c8000 | 0x7ff6e45c8000 | 0x7ff6e45c9fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e45c8000 | 0x7ff6e45c8000 | 0x7ff6e45c9fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e45ca000 | 0x7ff6e45ca000 | 0x7ff6e45cafff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e45cc000 | 0x7ff6e45cc000 | 0x7ff6e45cdfff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff6e45ce000 | 0x7ff6e45ce000 | 0x7ff6e45cffff | Private Memory | Readable, Writable | | | | |
| explorer.exe | 0x7ff6e5020000 | 0x7ff6e546dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ieproxy.dll | 0x7ffb08280000 | 0x7ffb08326fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| DismApi.dll | 0x7ffb084b0000 | 0x7ffb08592fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ReAgent.dll | 0x7ffb085a0000 | 0x7ffb08694fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wscui.cpl | 0x7ffb086a0000 | 0x7ffb087c0fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| werconcpl.dll | 0x7ffb08930000 | 0x7ffb08a6ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pnidui.dll | 0x7ffb08a70000 | 0x7ffb08c2efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| authui.dll | 0x7ffb08c30000 | 0x7ffb08e71fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ActionCenter.dll | 0x7ffb08e80000 | 0x7ffb08ecffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| atlthunk.dll | 0x7ffb08ed0000 | 0x7ffb08edffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Syncreg.dll | 0x7ffb08ee0000 | 0x7ffb08ef6fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shdocvw.dll | 0x7ffb08f00000 | 0x7ffb08f40fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| GdiPlus.dll | 0x7ffb08f50000 | 0x7ffb090f8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| DXP.dll | 0x7ffb09100000 | 0x7ffb09178fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| winspool.drv | 0x7ffb0ae10000 | 0x7ffb0ae93fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| prnfldr.dll | 0x7ffb0aea0000 | 0x7ffb0af1bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Windows.UI.Shell.dll | 0x7ffb0af20000 | 0x7ffb0b05afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| batmeter.dll | 0x7ffb0b2d0000 | 0x7ffb0b4cdfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| stobject.dll | 0x7ffb0b4d0000 | 0x7ffb0b52bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| RTWorkQ.dll | 0x7ffb0b530000 | 0x7ffb0b55ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| mfplat.dll | 0x7ffb0b560000 | 0x7ffb0b66bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Windows.Gaming.Input.dll | 0x7ffb0bd90000 | 0x7ffb0bdcffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bthprops.cpl | 0x7ffb0bdd0000 | 0x7ffb0be0bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| AudioSes.dll | 0x7ffb0be60000 | 0x7ffb0bee4fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Windows.Internal.Shell.Broker.dll | 0x7ffb0c680000 | 0x7ffb0c711fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| NotificationObjFactory.dll | 0x7ffb0c800000 | 0x7ffb0c84dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Windows.StateRepository.dll | 0x7ffb0d2e0000 | 0x7ffb0d571fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| dsreg.dll | 0x7ffb0d580000 | 0x7ffb0d5d9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wlidprov.dll | 0x7ffb0d6b0000 | 0x7ffb0d748fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wcmapi.dll | 0x7ffb0d750000 | 0x7ffb0d76ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| AboveLockAppHost.dll | 0x7ffb0d770000 | 0x7ffb0d79afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wwapi.dll | 0x7ffb0d7a0000 | 0x7ffb0d7b5fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| winmmbase.dll | 0x7ffb0d7c0000 | 0x7ffb0d7ebfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| winmm.dll | 0x7ffb0d7f0000 | 0x7ffb0d812fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cscdll.dll | 0x7ffb0d900000 | 0x7ffb0d90cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cscui.dll | 0x7ffb0d910000 | 0x7ffb0d9d3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| EhStorShell.dll | 0x7ffb0d9e0000 | 0x7ffb0da16fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcr120.dll | 0x7ffb0da20000 | 0x7ffb0db0efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcp120.dll | 0x7ffb0db10000 | 0x7ffb0dbb5fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| FileSyncShell64.dll | 0x7ffb0dbc0000 | 0x7ffb0dd50fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| provsvc.dll | 0x7ffb0dd60000 | 0x7ffb0ddd5fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| linkinfo.dll | 0x7ffb0dde0000 | 0x7ffb0ddecfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| thumbcache.dll | 0x7ffb0df30000 | 0x7ffb0df7afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| VEEventDispatcher.dll | 0x7ffb0df80000 | 0x7ffb0dfc8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| NotificationController.dll | 0x7ffb0dfd0000 | 0x7ffb0e052fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wpncore.dll | 0x7ffb0e060000 | 0x7ffb0e133fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntshrui.dll | 0x7ffb0e140000 | 0x7ffb0e219fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ELSCore.dll | 0x7ffb0e220000 | 0x7ffb0e237fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ApplicationFrame.dll | 0x7ffb0e240000 | 0x7ffb0e35afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wldp.dll | 0x7ffb0e360000 | 0x7ffb0e36ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| windows.immersiveshell.serviceprovider.dll | 0x7ffb0e370000 | 0x7ffb0e3bcfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| twinui.dll | 0x7ffb0e3c0000 | 0x7ffb0eeccfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ExplorerFrame.dll | 0x7ffb0eed0000 | 0x7ffb0f35ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| DataExchange.dll | 0x7ffb0f360000 | 0x7ffb0f3a5fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| oleacc.dll | 0x7ffb0f3b0000 | 0x7ffb0f418fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SndVolSSO.dll | 0x7ffb0f420000 | 0x7ffb0f484fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msxml6.dll | 0x7ffb0f490000 | 0x7ffb0f706fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wer.dll | 0x7ffb0fb20000 | 0x7ffb0fbbdfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| profext.dll | 0x7ffb0fbc0000 | 0x7ffb0fbd4fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| vaultcli.dll | 0x7ffb0fbe0000 | 0x7ffb0fc27fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| StateRepository.Core.dll | 0x7ffb0fc30000 | 0x7ffb0fcc8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wpnapps.dll | 0x7ffb0fd30000 | 0x7ffb0fdc6fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| twinui.appcore.dll | 0x7ffb0ff00000 | 0x7ffb1010cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SettingSyncPolicy.dll | 0x7ffb10110000 | 0x7ffb10120fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Windows.Networking.Connectivity.dll | 0x7ffb10170000 | 0x7ffb1021bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| TokenBroker.dll | 0x7ffb10220000 | 0x7ffb102e5fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SettingSyncCore.dll | 0x7ffb102f0000 | 0x7ffb103d0fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| twinapi.dll | 0x7ffb10450000 | 0x7ffb10509fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pcacli.dll | 0x7ffb10810000 | 0x7ffb1081efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| execmodelproxy.dll | 0x7ffb108c0000 | 0x7ffb108d4fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| NotificationControllerPS.dll | 0x7ffb108e0000 | 0x7ffb108ebfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| actxprxy.dll | 0x7ffb10f90000 | 0x7ffb113f9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| CoreUIComponents.dll | 0x7ffb11440000 | 0x7ffb116a0fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wininet.dll | 0x7ffb11770000 | 0x7ffb11a16fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| version.dll | 0x7ffb11a40000 | 0x7ffb11a49fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| BluetoothApis.dll | 0x7ffb11b30000 | 0x7ffb11b4dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| npmproxy.dll | 0x7ffb11ba0000 | 0x7ffb11badfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| webio.dll | 0x7ffb11d40000 | 0x7ffb11dbffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| BitsProxy.dll | 0x7ffb11dd0000 | 0x7ffb11de1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| urlmon.dll | 0x7ffb11e50000 | 0x7ffb11fe6fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wlanapi.dll | 0x7ffb12590000 | 0x7ffb125eefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cscapi.dll | 0x7ffb12640000 | 0x7ffb12651fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wdscore.dll | 0x7ffb12890000 | 0x7ffb128d0fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| netprofm.dll | 0x7ffb12ae0000 | 0x7ffb12b1efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| NetworkStatus.dll | 0x7ffb132e0000 | 0x7ffb13300fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| PhotoMetadataHandler.dll | 0x7ffb13310000 | 0x7ffb1337afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| InputSwitch.dll | 0x7ffb13380000 | 0x7ffb133cefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| comctl32.dll | 0x7ffb134d0000 | 0x7ffb13743fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| IDStore.dll | 0x7ffb137e0000 | 0x7ffb13806fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SyncCenter.dll | 0x7ffb13860000 | 0x7ffb13ba5fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cscobj.dll | 0x7ffb13d70000 | 0x7ffb13dbffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SettingMonitor.dll | 0x7ffb13dc0000 | 0x7ffb13dfefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| PortableDeviceTypes.dll | 0x7ffb13e00000 | 0x7ffb13e31fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| WPDShServiceObj.dll | 0x7ffb13e40000 | 0x7ffb13e54fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| framedynos.dll | 0x7ffb13ec0000 | 0x7ffb13f0dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasadhlp.dll | 0x7ffb13f10000 | 0x7ffb13f19fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ploptin.dll | 0x7ffb13f20000 | 0x7ffb13f28fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| winhttp.dll | 0x7ffb14520000 | 0x7ffb145f5fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcp110_win.dll | 0x7ffb146b0000 | 0x7ffb14741fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| policymanager.dll | 0x7ffb14750000 | 0x7ffb14788fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| xmllite.dll | 0x7ffb148c0000 | 0x7ffb148f5fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| d2d1.dll | 0x7ffb149d0000 | 0x7ffb14f14fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Windows.UI.Immersive.dll | 0x7ffb14f70000 | 0x7ffb15126fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| iertutil.dll | 0x7ffb15130000 | 0x7ffb154a5fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Windows.UI.dll | 0x7ffb164b0000 | 0x7ffb1654dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| MrmCoreR.dll | 0x7ffb16550000 | 0x7ffb1665efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wincorlib.dll | 0x7ffb16660000 | 0x7ffb166c9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wercplsupport.dll | 0x7ffb166f0000 | 0x7ffb1670afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| davhlpr.dll | 0x7ffb16710000 | 0x7ffb1671bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| davclnt.dll | 0x7ffb16720000 | 0x7ffb1673ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntlanman.dll | 0x7ffb16740000 | 0x7ffb16755fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| drprov.dll | 0x7ffb16760000 | 0x7ffb1676afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wscapi.dll | 0x7ffb16770000 | 0x7ffb167a4fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| duser.dll | 0x7ffb167b0000 | 0x7ffb16848fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| hgcpl.dll | 0x7ffb16850000 | 0x7ffb168effff | Memory Mapped File | Readable, Writable, Executable | | | | |
| imapi2.dll | 0x7ffb168f0000 | 0x7ffb16972fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| dhcpcsvc.dll | 0x7ffb16c90000 | 0x7ffb16ca9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| dhcpcsvc6.dll | 0x7ffb16cb0000 | 0x7ffb16cc5fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| samlib.dll | 0x7ffb16e50000 | 0x7ffb16e6bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| WinTypes.dll | 0x7ffb16e80000 | 0x7ffb16fb0fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| avrt.dll | 0x7ffb17000000 | 0x7ffb1700afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| propsys.dll | 0x7ffb17320000 | 0x7ffb174a2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| MMDevAPI.dll | 0x7ffb174b0000 | 0x7ffb17521fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| samcli.dll | 0x7ffb175b0000 | 0x7ffb175c7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wkscli.dll | 0x7ffb176f0000 | 0x7ffb17705fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| PortableDeviceApi.dll | 0x7ffb17750000 | 0x7ffb177f0fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| hcproviders.dll | 0x7ffb17850000 | 0x7ffb17863fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| es.dll | 0x7ffb17870000 | 0x7ffb178e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wmiclnt.dll | 0x7ffb17960000 | 0x7ffb17970fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wevtapi.dll | 0x7ffb17bd0000 | 0x7ffb17c34fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| winnsi.dll | 0x7ffb17eb0000 | 0x7ffb17ebafff | Memory Mapped File | Readable, Writable, Executable | | | | |
| IPHLPAPI.DLL | 0x7ffb17ed0000 | 0x7ffb17f07fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| UIAnimation.dll | 0x7ffb180a0000 | 0x7ffb180eafff | Memory Mapped File | Readable, Writable, Executable | | | | |
| WindowsCodecs.dll | 0x7ffb180f0000 | 0x7ffb182a1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| d3d10warp.dll | 0x7ffb182b0000 | 0x7ffb1851dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| dxgi.dll | 0x7ffb18520000 | 0x7ffb185bbfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| d3d11.dll | 0x7ffb185c0000 | 0x7ffb18862fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| dwmapi.dll | 0x7ffb18870000 | 0x7ffb18891fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ninput.dll | 0x7ffb188c0000 | 0x7ffb1891bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| CoreMessaging.dll | 0x7ffb18920000 | 0x7ffb189e7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| dcomp.dll | 0x7ffb189f0000 | 0x7ffb18ac0fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| apphelp.dll | 0x7ffb18dc0000 | 0x7ffb18e37fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wtsapi32.dll | 0x7ffb18e40000 | 0x7ffb18e52fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| BCP47Langs.dll | 0x7ffb18e60000 | 0x7ffb18ec5fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sppc.dll | 0x7ffb18ed0000 | 0x7ffb18ef4fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| slc.dll | 0x7ffb18f00000 | 0x7ffb18f25fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wscinterop.dll | 0x7ffb18f30000 | 0x7ffb18f5dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| srchadmin.dll | 0x7ffb18f70000 | 0x7ffb18fccfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| uxtheme.dll | 0x7ffb190d0000 | 0x7ffb19165fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| devobj.dll | 0x7ffb19170000 | 0x7ffb19196fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| twinapi.appcore.dll | 0x7ffb192b0000 | 0x7ffb1939dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rmclient.dll | 0x7ffb19430000 | 0x7ffb19457fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| hid.dll | 0x7ffb19850000 | 0x7ffb1985bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| mpr.dll | 0x7ffb19a30000 | 0x7ffb19a4bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| netutils.dll | 0x7ffb19a50000 | 0x7ffb19a5bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| srvcli.dll | 0x7ffb19a60000 | 0x7ffb19a85fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntmarta.dll | 0x7ffb19b40000 | 0x7ffb19b71fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| dpapi.dll | 0x7ffb19c20000 | 0x7ffb19c29fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rsaenh.dll | 0x7ffb19cc0000 | 0x7ffb19cf2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| userenv.dll | 0x7ffb19db0000 | 0x7ffb19dcefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| dnsapi.dll | 0x7ffb19e10000 | 0x7ffb19eb7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| mswsock.dll | 0x7ffb1a010000 | 0x7ffb1a06cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cryptsp.dll | 0x7ffb1a070000 | 0x7ffb1a086fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cryptbase.dll | 0x7ffb1a1e0000 | 0x7ffb1a1eafff | Memory Mapped File | Readable, Writable, Executable | | | | |
| winsta.dll | 0x7ffb1a270000 | 0x7ffb1a2c7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntasn1.dll | 0x7ffb1a2d0000 | 0x7ffb1a305fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ncrypt.dll | 0x7ffb1a310000 | 0x7ffb1a335fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sspicli.dll | 0x7ffb1a420000 | 0x7ffb1a44bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bcrypt.dll | 0x7ffb1a620000 | 0x7ffb1a647fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bcryptprimitives.dll | 0x7ffb1a650000 | 0x7ffb1a6bafff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sxs.dll | 0x7ffb1a6c0000 | 0x7ffb1a757fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| profapi.dll | 0x7ffb1a800000 | 0x7ffb1a812fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msasn1.dll | 0x7ffb1a820000 | 0x7ffb1a830fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| powrprof.dll | 0x7ffb1a840000 | 0x7ffb1a889fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel.appcore.dll | 0x7ffb1a890000 | 0x7ffb1a89efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| crypt32.dll | 0x7ffb1a8a0000 | 0x7ffb1aa60fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wintrust.dll | 0x7ffb1ab20000 | 0x7ffb1ab73fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cfgmgr32.dll | 0x7ffb1ab80000 | 0x7ffb1abc3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SHCore.dll | 0x7ffb1abd0000 | 0x7ffb1ac82fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| windows.storage.dll | 0x7ffb1ac90000 | 0x7ffb1b2b7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| KernelBase.dll | 0x7ffb1b2c0000 | 0x7ffb1b49cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Wldap32.dll | 0x7ffb1b4a0000 | 0x7ffb1b4fafff | Memory Mapped File | Readable, Writable, Executable | | | | |
| gdi32.dll | 0x7ffb1b560000 | 0x7ffb1b6e4fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| user32.dll | 0x7ffb1b6f0000 | 0x7ffb1b83dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| combase.dll | 0x7ffb1b840000 | 0x7ffb1babbfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| imm32.dll | 0x7ffb1bac0000 | 0x7ffb1baf5fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sechost.dll | 0x7ffb1bb00000 | 0x7ffb1bb5afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| imagehlp.dll | 0x7ffb1bc50000 | 0x7ffb1bc6bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ws2_32.dll | 0x7ffb1bc70000 | 0x7ffb1bcd8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rpcrt4.dll | 0x7ffb1bce0000 | 0x7ffb1be05fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| clbcatq.dll | 0x7ffb1be10000 | 0x7ffb1beb4fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msctf.dll | 0x7ffb1bec0000 | 0x7ffb1c01bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel32.dll | 0x7ffb1c020000 | 0x7ffb1c0ccfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| nsi.dll | 0x7ffb1c0e0000 | 0x7ffb1c0e7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| advapi32.dll | 0x7ffb1c0f0000 | 0x7ffb1c195fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ole32.dll | 0x7ffb1c1a0000 | 0x7ffb1c2e0fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shell32.dll | 0x7ffb1c2f0000 | 0x7ffb1d814fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shlwapi.dll | 0x7ffb1d9d0000 | 0x7ffb1da20fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcrt.dll | 0x7ffb1da30000 | 0x7ffb1daccfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| coml2.dll | 0x7ffb1dad0000 | 0x7ffb1db3efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| setupapi.dll | 0x7ffb1db40000 | 0x7ffb1dd04fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| oleaut32.dll | 0x7ffb1dd10000 | 0x7ffb1ddcdfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2200000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x24e0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x24f0000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2500000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2510000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2520000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2530000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2540000, size = 21 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2550000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x50b0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x50d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x78d0000, size = 21 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7d10000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7d20000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7d30000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7d40000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7d50000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7d60000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7d70000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7d80000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7d90000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7e20000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7e30000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7e40000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7e50000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7e60000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7e70000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7e80000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7e90000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x80c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x80e0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x80f0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8100000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8330000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8340000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8350000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8360000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8370000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8380000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x83a0000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x83b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x83c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x83d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x83e0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x83f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8400000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8410000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8430000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8440000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8450000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8460000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8470000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8ca0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8cb0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8cc0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8cd0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8ce0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8cf0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8d00000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8d10000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8e20000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8e30000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8e40000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8e50000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8e60000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8e70000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8e80000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8e90000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8fa0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8fb0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8fc0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8fd0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8fe0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8ff0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9000000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9010000, size = 25 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9020000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9030000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9040000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9050000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9060000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9070000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9080000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9090000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9cf0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9d20000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9d30000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xd9e0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xd9f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xda00000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xda10000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xda20000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xda30000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xda40000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xda50000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xda60000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xda70000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xda80000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xda90000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdaa0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdab0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdac0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdad0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdae0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdaf0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdb00000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdb10000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdb20000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdb30000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdb40000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdb50000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdb60000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdb70000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdb80000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdb90000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdba0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdbb0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdbc0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdbd0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdbe0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdbf0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdc00000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdc10000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdc20000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdc30000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdc40000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdc50000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdc60000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdc70000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdc80000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdc90000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdca0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdcb0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdcc0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdcd0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdce0000, size = 8 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdcf0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdd00000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdd10000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdd20000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdd30000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdd40000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdd50000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdd60000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdd70000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdd80000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdd90000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdda0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xddb0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xddc0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xddd0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdde0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xddf0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xde00000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xde10000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xde20000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xde30000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xde40000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xde50000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xde60000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xde70000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xde80000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xde90000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdea0000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdeb0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdec0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xded0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdee0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdef0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdf00000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdf10000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdf20000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdf30000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdf40000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdf50000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdf60000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdf70000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdf80000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdf90000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdfa0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdfb0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdfc0000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdfd0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdfe0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdff0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe000000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe010000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe020000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe030000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe040000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe050000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe060000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe070000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe080000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe090000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe0a0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe0b0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe0c0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe0d0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe0e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe0f0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe100000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe110000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe120000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe130000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe140000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe150000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe160000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe170000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe180000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe190000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe1a0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe1b0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe1c0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe1d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe1e0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe1f0000, size = 18 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe200000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe210000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe220000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe230000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe240000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe250000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe260000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe270000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe280000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe290000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe2a0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe2b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe2c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe2d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe2e0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe2f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe300000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe310000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe320000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe330000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe340000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe350000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe360000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe370000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe380000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe390000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe3a0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe3b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe3c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe3d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe3e0000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe3f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe400000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe410000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe420000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe430000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe440000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe450000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe460000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe470000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe480000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe490000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe4a0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe4b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe4c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe4d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe4e0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe4f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe500000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe510000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe520000, size = 22 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe530000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe540000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe550000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe560000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe570000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe580000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe590000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe5a0000, size = 22 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe5b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe5c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe5d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe5e0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe5f0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe600000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe610000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe620000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe630000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe640000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe650000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe660000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe670000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe680000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe690000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe6a0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe6b0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe6c0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe6d0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe6e0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe6f0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe700000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe710000, size = 8 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe720000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe730000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe740000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe750000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe760000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe770000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe780000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe790000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe7a0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe7b0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe7c0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe7d0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe7e0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe7f0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe800000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe810000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe820000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe830000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe840000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe850000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe860000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe870000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe880000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe890000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe8a0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe8b0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe8c0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe8d0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe8e0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe8f0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe900000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe910000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe920000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe930000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe940000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe950000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe960000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe970000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe980000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe990000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe9a0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe9b0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe9c0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe9d0000, size = 6 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe9e0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe9f0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xea00000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xea10000, size = 18 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xea20000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xea30000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xea40000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xea50000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xea60000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xea70000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xea80000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xea90000, size = 24 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xeaa0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xeab0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xeac0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xead0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xeae0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xeaf0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xeb00000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xeb10000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xeb20000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xeb30000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xeb40000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xeb50000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xeb60000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xeb70000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xeb80000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xeb90000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xeba0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xebb0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xebc0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xebd0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xebe0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xebf0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xec00000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xec10000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xec20000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xec30000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xec40000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xec50000, size = 18 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xec60000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xec70000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xec80000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xec90000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xeca0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xecb0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xecc0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xecd0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xece0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xecf0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xed00000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xed10000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xed20000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xed30000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xed40000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xed50000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xed60000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xed70000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xed80000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xed90000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xeda0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xedb0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xedc0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xedd0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xede0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xedf0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xee00000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xee10000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xee20000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xee30000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xee40000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xee50000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xee60000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xee70000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xee80000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xee90000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xeea0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xeeb0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xeec0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xeed0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xeee0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xeef0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xef00000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xef10000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xef20000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xef30000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xef40000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xef60000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xef70000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xef80000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xef90000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xefa0000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xefb0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xefc0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xefd0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xefe0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xeff0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf000000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf010000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf020000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf030000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf040000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf050000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf060000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf070000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf080000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf090000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf0a0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf0b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf0c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf0d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf0e0000, size = 22 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf0f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf100000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf110000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf120000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf130000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf140000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf150000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf160000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf170000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf180000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf190000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf1a0000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf1b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf1c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf1d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf1e0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf1f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf200000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf210000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf220000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf230000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf240000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf250000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf260000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf270000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf280000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf290000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf2a0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf2b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf2c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf2d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf2e0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf2f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf300000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf310000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf320000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf330000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf340000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf350000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf360000, size = 24 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf370000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf380000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf390000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf3a0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf3b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf3c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf3d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf3e0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf3f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf400000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf410000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf420000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf430000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf440000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf450000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf460000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf470000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf480000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf490000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf4a0000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf4b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf4c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf4d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf4e0000, size = 18 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf4f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf500000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf510000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf520000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf530000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf540000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf550000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf560000, size = 24 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf570000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf580000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf590000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf5a0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf5b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf5c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf5d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf5e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf5f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf600000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf610000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf620000, size = 18 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf630000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf640000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf650000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf660000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf670000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf680000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf690000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf6a0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf6b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf6c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf6d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf6e0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf6f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf700000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf710000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf720000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf730000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf740000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf750000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf760000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf770000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf780000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf790000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf7a0000, size = 24 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf7b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf7c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf7d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf7e0000, size = 22 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf7f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf800000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf810000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf820000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf830000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf840000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf850000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf860000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf870000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf880000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf890000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf8a0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf8b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf8c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf8d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf8e0000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf8f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf900000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf910000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf920000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf930000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf940000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf950000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf960000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf970000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf980000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf990000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf9a0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf9b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf9c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf9d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf9e0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf9f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfa00000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfa10000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfa20000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfa30000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfa40000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfa50000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfa60000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfa70000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfa80000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfa90000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfaa0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfab0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfac0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfad0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfae0000, size = 8 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfaf0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfb00000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfb10000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfb20000, size = 8 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfb30000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfb40000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfb50000, size = 18 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfb60000, size = 8 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfb70000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfb80000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfb90000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfba0000, size = 8 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfbb0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfbc0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfbd0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfbe0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfbf0000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfc00000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfc10000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfc20000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfc30000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfc40000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfc50000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfc60000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfc70000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfc80000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfc90000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfca0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfcb0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfcc0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfcd0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfce0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfcf0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfd00000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfd10000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfd20000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfd30000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfd40000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfd50000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfd60000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfd70000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfd80000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfd90000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfda0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfdb0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfdc0000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfdd0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfde0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfdf0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfe00000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfe10000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfe20000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfe30000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfe40000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfe50000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfe60000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfe70000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfe80000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfe90000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfea0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfeb0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfec0000, size = 23 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfed0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfee0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfef0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xff00000, size = 7 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xff10000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xff20000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xff30000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xff40000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xff50000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xff60000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xff70000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xff80000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xff90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xffa0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xffb0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xffc0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xffd0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xffe0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfff0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10000000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10010000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10020000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10030000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10040000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10050000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10060000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10070000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10080000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10090000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x100a0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x100b0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x100c0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x100d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x100e0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x100f0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10100000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10110000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10120000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10130000, size = 8 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10140000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10150000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10160000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10170000, size = 22 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10180000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10190000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x101a0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x101b0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x101c0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x101d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x101e0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x101f0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10200000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10210000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10220000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8ea0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8eb0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8ec0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8ed0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8ee0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8ef0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8f00000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8f10000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10230000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10240000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10250000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10260000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10270000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10280000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10290000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x102a0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x102b0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x102c0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x102d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x102e0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x102f0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10300000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10310000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10320000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10330000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10340000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10350000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10360000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10370000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10380000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10390000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x103a0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x103b0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x103c0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x103d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x103e0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x103f0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10400000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10470000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10480000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10490000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x104a0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x104b0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x104c0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x104d0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x104e0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x104f0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10500000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10510000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10520000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10530000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10540000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10550000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10560000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10570000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10580000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10590000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x105a0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x105b0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x105c0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x105d0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x105e0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x105f0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10600000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10610000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10620000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10630000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10640000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10650000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10660000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10670000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10680000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10690000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x106a0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x106b0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x106c0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x106d0000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x106e0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x106f0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10700000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10710000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10720000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10730000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10740000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10750000, size = 25 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10760000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10770000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10780000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10790000, size = 21 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x107a0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xef50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x107b0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x107c0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x107d0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x107e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x107f0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10800000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10810000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10820000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10830000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10840000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10850000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10860000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10870000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10880000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10890000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x108a0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x108b0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x108c0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x108d0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x108e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x108f0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10900000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10910000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10920000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10930000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10940000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10950000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10960000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10970000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10980000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10990000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x109a0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x109b0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x109c0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x109d0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x109e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x109f0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10a00000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10a10000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10a20000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10a30000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10a40000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10a50000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10a60000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10a70000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10a80000, size = 23 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10a90000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10aa0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10ab0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10ac0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10ad0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10ae0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10af0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10b00000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10b10000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10b20000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10b30000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10b40000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10b50000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10b60000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10b70000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10b80000, size = 6 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10b90000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10ba0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10bb0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x21a0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10bc0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10bd0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10be0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10bf0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10c00000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10c10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10c20000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10c30000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10c40000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10c50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10c60000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10c70000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10c80000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10c90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10ca0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10cb0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10cc0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10cd0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10ce0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10cf0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10d00000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10d10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10d20000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10d30000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10d40000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10d50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10d60000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10d70000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10d80000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10d90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10da0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10db0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10dc0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10dd0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10de0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10df0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10e00000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10e20000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10e30000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10e40000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10e50000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10e60000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10e70000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10e80000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10e90000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10ea0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10eb0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10ec0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10ed0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10ee0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10ef0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10f00000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10f10000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10f20000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10f30000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10f40000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10f50000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10f60000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10f70000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10f80000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10f90000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10fa0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10fb0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10fc0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10fd0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10fe0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10ff0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11000000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11010000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11020000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11030000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11040000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11050000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11060000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11070000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11080000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11090000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x110a0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x110b0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x110c0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x110d0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x110e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x110f0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11100000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11110000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11120000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11130000, size = 24 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11140000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11150000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11160000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11170000, size = 26 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11180000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11190000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x111a0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x111b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x111c0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x111d0000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x111e0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x111f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11200000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11210000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11220000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11230000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11240000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11250000, size = 18 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11260000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11270000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11280000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11290000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x112a0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x112b0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x112c0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x112d0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x112e0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x112f0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11300000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11310000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11320000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11330000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11340000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11350000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11360000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11370000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11380000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11390000, size = 24 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x113a0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x113b0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x113c0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x113d0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x113e0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x113f0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11400000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11410000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11420000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11430000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11440000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11450000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11460000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11470000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11480000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11490000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x114a0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x114b0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x114c0000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x114d0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x114e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x114f0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11500000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11510000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11520000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11530000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11540000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11550000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11560000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11570000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11580000, size = 7 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11590000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x115a0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x115b0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x115c0000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x115d0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x115e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x115f0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11600000, size = 5 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11610000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11620000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11630000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11640000, size = 7 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11650000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11660000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11670000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11680000, size = 5 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11690000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x116a0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x116b0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x116c0000, size = 6 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x116d0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x116e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x116f0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11700000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11710000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11720000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11730000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11740000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11750000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11760000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11770000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11780000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11790000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x117a0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x117b0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x117c0000, size = 6 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x117d0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x117e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x117f0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11800000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11810000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11820000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11830000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11840000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11850000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11860000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11870000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11880000, size = 8 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11890000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x118a0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x118b0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x118c0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x118d0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x118e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x118f0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11900000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11910000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11920000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11930000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11940000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11950000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11960000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11970000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11980000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11990000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x119a0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x119b0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x119c0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x119d0000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x119e0000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x119f0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11a00000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11a10000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11a20000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11a30000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11a40000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11a50000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11a60000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11a70000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11a80000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11a90000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11aa0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11ab0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11ac0000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11ad0000, size = 21 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11ae0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11af0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11b00000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11b10000, size = 25 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11b20000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11b30000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11b40000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11b50000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11b60000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11b70000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11b80000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11b90000, size = 25 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11ba0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11bb0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11bc0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11bd0000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11be0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11bf0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11c00000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11c10000, size = 26 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11c20000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11c30000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11c40000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11c50000, size = 28 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11c60000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11c70000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11c80000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11c90000, size = 30 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11ca0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11cb0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11cc0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11cd0000, size = 25 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11ce0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11cf0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11d00000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11d10000, size = 27 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11d20000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11d30000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11d40000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11d50000, size = 24 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11d60000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11d70000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11d80000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11d90000, size = 28 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11da0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11db0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11dc0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11dd0000, size = 22 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11de0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11df0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11e00000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11e10000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11e20000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11e30000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11e40000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11e50000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11e60000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11e70000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11e80000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11e90000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11ea0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11eb0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11ec0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11ed0000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11ee0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11ef0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11f00000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11f10000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10e10000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11f20000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11f30000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11f40000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11f50000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11f60000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11f70000, size = 24 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11f80000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11f90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11fa0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11fb0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11fc0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11fd0000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11fe0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11ff0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12000000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12010000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12020000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12030000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12040000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12050000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12060000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12070000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12080000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12090000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x120a0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x120b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x120c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x120d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x120e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x120f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12100000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12110000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12120000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12130000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12140000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12150000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12160000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12170000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12180000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12190000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x121a0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x121b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x121c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x121d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x121e0000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x121f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12200000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12210000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12220000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12230000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12240000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12250000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12260000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12270000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12280000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12290000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x122a0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x122b0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x122c0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x122d0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x122e0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x122f0000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12300000, size = 22 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12310000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12320000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12330000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12340000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12350000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12360000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12370000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12380000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12390000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x123a0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x123b0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x123c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x123d0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x123e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x123f0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12400000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12410000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12420000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12430000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12440000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12450000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12460000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12470000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12480000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12490000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x124a0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x124b0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x124c0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x124d0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x124e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x124f0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12500000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12510000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12520000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12530000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12540000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12550000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12560000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12570000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12580000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12590000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x125a0000, size = 25 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x125b0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x125c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x125d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x125e0000, size = 23 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x125f0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12600000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12610000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12620000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12630000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12640000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12650000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12660000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12670000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12680000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12690000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x126a0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x126b0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x126c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x126d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x126e0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x126f0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12700000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12710000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12720000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12730000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12740000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12750000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12760000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12770000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12780000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12790000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x127a0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x127b0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x127c0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x127d0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x127e0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x127f0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12800000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12810000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12820000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12830000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12840000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10410000, size = 376832 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12850000, size = 8 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12860000, size = 313 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #3 / 0xd54 |
| OS Parent PID | 0xcc8 (c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\explorer.exe |
| Command Line | explorer.exe |
| Monitor | Start Time: 00:00:52, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:43 |
| OS Thread IDs | #63 0xD58 #64 0xD5C #65 0xD60 #66 0xD64 #67 0xD68 #68 0xD84 #69 0xD98 #70 0xD9C #71 0xDA0 #72 0xDA8 #73 0xDAC #74 0xDB4 #75 0xDB8 #76 0xDBC #77 0xDC0 #78 0xDC4 #79 0xDC8 #80 0xDCC #81 0xDD0 #82 0xDD4 #83 0xDD8 #84 0xDDC #85 0xDE0 #86 0xDE4 #87 0xDE8 #88 0xDEC #89 0xDF0 #90 0xDF4 #91 0xDF8 #92 0xDFC #93 0xE00 #94 0xE04 #95 0xE08 #96 0xE0C #97 0xE10 #98 0xE14 #99 0xE18 #100 0xE1C #101 0xE20 #102 0xE24 #103 0xE28 #104 0xE2C #105 0xE30 #106 0xE34 #107 0xE38 #108 0xE3C #109 0xE40 #110 0xE44 #111 0xE48 #112 0xE4C #113 0xE50 #114 0xE54 #115 0xE58 #116 0xE5C #117 0xE60 #118 0xE64 #119 0xE68 #120 0xE6C #121 0xE70 #122 0xE74 #123 0xE78 #124 0xE7C #125 0xE80 #126 0xE84 #127 0xE88 #128 0xE8C #129 0xE90 #130 0xE94 #131 0xE98 #132 0xE9C #133 0xEA0 #134 0xEA4 #135 0xEA8 #136 0xEAC #137 0xEB8 #138 0xEBC #139 0xEC4 #140 0xEC8 #141 0xECC #142 0xED0 #143 0xED4 #144 0xED8 #145 0xEDC #146 0xEE0 #147 0xEE4 #148 0xEE8 #149 0xEEC #150 0xEF0 #151 0xEF4 #152 0xEF8 #153 0xEFC #154 0xF00 #155 0xF04 #156 0xF08 #157 0xF0C #158 0xF10 #159 0xF14 #160 0xF18 #161 0xF1C #162 0xF20 #163 0xF24 #164 0xF28 #165 0xF2C #166 0xF30 #167 0xF34 #168 0xF38 #169 0xF3C #170 0xF40 #171 0xF44 #172 0xF48 #173 0xF50 #174 0xF54 #175 0xF58 #176 0xF5C #177 0xF60 #178 0xF64 #179 0xF68 #180 0xF6C #181 0xF70 #182 0xF74 #183 0xF78 #184 0xF7C #185 0xF80 #186 0xF84 #187 0xF88 #188 0xF8C #189 0xF90 #190 0xF94 #191 0xF98 #192 0xF9C #193 0xFA0 #194 0xFA4 #195 0xFA8 #196 0xFAC #197 0xFB0 #198 0xFB4 #199 0xFC0 #200 0xFC4 #201 0xFC8 #202 0xFCC #203 0xFD0 #204 0xFD4 #205 0xFD8 #206 0xFDC #207 0xFE0 #208 0xFE4 #209 0xFE8 #210 0xFEC #211 0xFF0 #212 0xFF4 #213 0xFF8 #214 0xFFC #215 0x534 #216 0x6D4 #217 0xAD4 #218 0xA14 #219 0x458 #220 0x540 #221 0x2B0 #222 0xC44 #223 0xC4C #224 0xC54 #225 0x59C #226 0x224 #227 0x2F8 #228 0xC64 #229 0xA2C #230 0xB34 #231 0x3F4 #232 0x6EC #233 0x358 #234 0xC3C #235 0x8D0 #236 0x71C #237 0x144 #238 0x12C #239 0x6C0 #240 0xAEC #241 0x114 #242 0x2A8 #243 0x950 #244 0x940 #245 0x954 #246 0x41C #247 0x398 #248 0x438 #249 0x9DC #250 0x5E8 #251 0x668 #252 0x8C0 #253 0xC94 #254 0xC48 #255 0xC50 #256 0xC40 #257 0xC18 #258 0xC24 #259 0xC2C #260 0xC28 #261 0xC20 #262 0xC34 #263 0xC38 #264 0xC1C #265 0xC0C #266 0xC08 #267 0xC04 #268 0xCA8 #269 0xCC0 #270 0x9D4 #271 0xCD4 #272 0x298 #273 0x9E0 #274 0x9E4 #275 0x5DC #276 0xCDC #277 0xBD0 #278 0x508 #279 0xC90 #280 0xCBC #281 0xC8C #282 0xC78 #283 0xC84 #284 0xC88 #285 0xC98 #286 0xC7C #287 0xCB8 #288 0xC74 #289 0xCA0 #290 0xCB0 #291 0xCB4 #292 0xCC4 #293 0xCA4 #294 0xC9C #295 0xCD8 #296 0x58C #297 0x208 #298 0x664 #299 0x118 #300 0x684 #301 0x648 #302 0xBC4 #303 0x75C #304 0xD28 #305 0x3C8 #306 0xD14 #307 0x268 #308 0xD44 #309 0xDA4 #310 0xD30 #311 0xC68 #312 0x54C #313 0xD2C #314 0xCE4 #315 0xD10 #316 0xA04 #317 0x134 #318 0x294 #319 0xA0C #320 0xA68 #321 0xA38 #322 0xEB4 #323 0xEC0 #324 0xEB0 #325 0x700 #326 0xCAC #327 0x570 #328 0x94C #329 0x6E8 #330 0x8C8 #331 0x5B8 #332 0x728 #333 0xB30 #334 0x33C #335 0x804 #336 0xD34 #337 0xD94 #338 0xD90 #339 0xD7C #340 0xD88 #341 0xD8C #342 0xDB0 #343 0xD80 #344 0xD78 #345 0x1004 #346 0x1008 #347 0x100C #348 0x1010 #349 0x1014 #350 0x1018 #351 0x101C #352 0x1020 #353 0x1024 #354 0x1030 #355 0x1034 #356 0x1044 #357 0x1048 #358 0x104C #359 0x1050 #360 0x105C #361 0x1068 #362 0x106C #363 0x1074 #364 0x107C #365 0x1080 #366 0x1084 #367 0x1088 #368 0x108C #369 0x1090 #370 0x1094 #371 0x1098 #372 0x109C #373 0x10A0 #374 0x10A4 #375 0x10A8 #376 0x10AC #377 0x10B0 #378 0x10B4 #379 0x10B8 #380 0x10C0 #381 0x10C4 #382 0x10C8 #383 0x10CC #384 0x10D0 #385 0x10D4 #386 0x10D8 #387 0x10DC #388 0x10E0 #389 0x10E4 #390 0x10E8 #391 0x10EC #392 0x10F0 #393 0x10F4 #394 0x10F8 #395 0x10FC #396 0x1100 #397 0x1104 #398 0x1108 #399 0x110C #400 0x1110 #401 0x1114 #402 0x1118 #403 0x111C #404 0x1120 #405 0x1124 #406 0x1128 #407 0x112C #408 0x1130 #409 0x1134 #410 0x1138 #411 0x113C #417 0x11A8 |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| explorer.exe | 0x001d0000 | 0x005a6fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pagefile_0x0000000000640000 | 0x00640000 | 0x0463ffff | Pagefile Backed Memory | - | | | | |
| private_0x0000000004640000 | 0x04640000 | 0x0465ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000004640000 | 0x04640000 | 0x0464ffff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000004650000 | 0x04650000 | 0x04653fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000004660000 | 0x04660000 | 0x04660fff | Private Memory | Readable, Writable | | | | |
| explorer.exe.mui | 0x04660000 | 0x04667fff | Memory Mapped File | Readable | | | | |
| pagefile_0x0000000004670000 | 0x04670000 | 0x04683fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000004690000 | 0x04690000 | 0x046cffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000046d0000 | 0x046d0000 | 0x0470ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000004710000 | 0x04710000 | 0x04713fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000004720000 | 0x04720000 | 0x04722fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000004730000 | 0x04730000 | 0x04731fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000004740000 | 0x04740000 | 0x04740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004750000 | 0x04750000 | 0x04750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004760000 | 0x04760000 | 0x04760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004770000 | 0x04770000 | 0x047affff | Private Memory | Readable, Writable | | | | |
| private_0x00000000047b0000 | 0x047b0000 | 0x047effff | Private Memory | Readable, Writable | | | | |
| private_0x00000000047f0000 | 0x047f0000 | 0x047f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004800000 | 0x04800000 | 0x04800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004810000 | 0x04810000 | 0x04810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004820000 | 0x04820000 | 0x04820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004830000 | 0x04830000 | 0x0486ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000004830000 | 0x04830000 | 0x04830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004840000 | 0x04840000 | 0x04840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004850000 | 0x04850000 | 0x04850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004860000 | 0x04860000 | 0x04860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004870000 | 0x04870000 | 0x048affff | Private Memory | Readable, Writable | | | | |
| private_0x0000000004870000 | 0x04870000 | 0x04870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004880000 | 0x04880000 | 0x04880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004890000 | 0x04890000 | 0x04890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000048a0000 | 0x048a0000 | 0x048a0fff | Private Memory | Readable, Writable, Executable | | | | |
| locale.nls | 0x048b0000 | 0x0496dfff | Memory Mapped File | Readable | | | | |
| private_0x0000000004970000 | 0x04970000 | 0x049affff | Private Memory | Readable, Writable | | | | |
| private_0x00000000049b0000 | 0x049b0000 | 0x049effff | Private Memory | Readable, Writable | | | | |
| private_0x00000000049f0000 | 0x049f0000 | 0x04a2ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000004a30000 | 0x04a30000 | 0x04a30fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000004a40000 | 0x04a40000 | 0x04a40fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000004a50000 | 0x04a50000 | 0x04a5ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000004a60000 | 0x04a60000 | 0x04a9ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000004aa0000 | 0x04aa0000 | 0x04aa3fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000004ab0000 | 0x04ab0000 | 0x04aeffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000004ab0000 | 0x04ab0000 | 0x04ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004ac0000 | 0x04ac0000 | 0x04ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004ad0000 | 0x04ad0000 | 0x04ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004ae0000 | 0x04ae0000 | 0x04ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004af0000 | 0x04af0000 | 0x04b2ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000004af0000 | 0x04af0000 | 0x04af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004b00000 | 0x04b00000 | 0x04b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004b10000 | 0x04b10000 | 0x04b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004b20000 | 0x04b20000 | 0x04b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004b30000 | 0x04b30000 | 0x04b6ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000004b30000 | 0x04b30000 | 0x04b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004b40000 | 0x04b40000 | 0x04b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004b50000 | 0x04b50000 | 0x04b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004b60000 | 0x04b60000 | 0x04b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004b70000 | 0x04b70000 | 0x04b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004b80000 | 0x04b80000 | 0x04b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004b90000 | 0x04b90000 | 0x04b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004ba0000 | 0x04ba0000 | 0x04c9ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000004ca0000 | 0x04ca0000 | 0x04e27fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000004e30000 | 0x04e30000 | 0x04e6ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000004e30000 | 0x04e30000 | 0x04e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004e40000 | 0x04e40000 | 0x04e7ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000004e40000 | 0x04e40000 | 0x04e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004e50000 | 0x04e50000 | 0x04e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004e60000 | 0x04e60000 | 0x04e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004e70000 | 0x04e70000 | 0x04e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004e80000 | 0x04e80000 | 0x04e8ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000004e90000 | 0x04e90000 | 0x05010fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000005020000 | 0x05020000 | 0x0641ffff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000006420000 | 0x06420000 | 0x0645ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000006420000 | 0x06420000 | 0x0645ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000006420000 | 0x06420000 | 0x06420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006430000 | 0x06430000 | 0x06430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006440000 | 0x06440000 | 0x06440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006450000 | 0x06450000 | 0x06450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006460000 | 0x06460000 | 0x0649ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000006460000 | 0x06460000 | 0x06460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006470000 | 0x06470000 | 0x06470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006480000 | 0x06480000 | 0x06480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006490000 | 0x06490000 | 0x06490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000064a0000 | 0x064a0000 | 0x064dffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000064a0000 | 0x064a0000 | 0x064a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000064b0000 | 0x064b0000 | 0x064b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000064c0000 | 0x064c0000 | 0x064c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000064d0000 | 0x064d0000 | 0x064d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000064e0000 | 0x064e0000 | 0x0651ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000064e0000 | 0x064e0000 | 0x064e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000064f0000 | 0x064f0000 | 0x064f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006500000 | 0x06500000 | 0x06500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006510000 | 0x06510000 | 0x06510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006520000 | 0x06520000 | 0x06520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006530000 | 0x06530000 | 0x06530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006540000 | 0x06540000 | 0x06540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006550000 | 0x06550000 | 0x0655ffff | Private Memory | Readable, Writable | | | | |
| SortDefault.nls | 0x06560000 | 0x06896fff | Memory Mapped File | Readable | | | | |
| private_0x00000000068a0000 | 0x068a0000 | 0x068dffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000068a0000 | 0x068a0000 | 0x068a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000068b0000 | 0x068b0000 | 0x068effff | Private Memory | Readable, Writable | | | | |
| private_0x00000000068b0000 | 0x068b0000 | 0x068b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000068c0000 | 0x068c0000 | 0x068c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000068d0000 | 0x068d0000 | 0x068d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000068e0000 | 0x068e0000 | 0x0691ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000068e0000 | 0x068e0000 | 0x068e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000068f0000 | 0x068f0000 | 0x0692ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000068f0000 | 0x068f0000 | 0x068f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006900000 | 0x06900000 | 0x06900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006910000 | 0x06910000 | 0x06910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006920000 | 0x06920000 | 0x06920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006930000 | 0x06930000 | 0x0696ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000006930000 | 0x06930000 | 0x06930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006940000 | 0x06940000 | 0x06940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006950000 | 0x06950000 | 0x06950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006960000 | 0x06960000 | 0x06960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006970000 | 0x06970000 | 0x069affff | Private Memory | Readable, Writable | | | | |
| private_0x0000000006970000 | 0x06970000 | 0x06970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006980000 | 0x06980000 | 0x06980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006990000 | 0x06990000 | 0x06990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000069a0000 | 0x069a0000 | 0x069a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000069b0000 | 0x069b0000 | 0x069effff | Private Memory | Readable, Writable | | | | |
| private_0x00000000069b0000 | 0x069b0000 | 0x069b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000069c0000 | 0x069c0000 | 0x069c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000069d0000 | 0x069d0000 | 0x069d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000069e0000 | 0x069e0000 | 0x069e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000069f0000 | 0x069f0000 | 0x06a2ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000069f0000 | 0x069f0000 | 0x069f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006a00000 | 0x06a00000 | 0x06a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006a10000 | 0x06a10000 | 0x06a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006a20000 | 0x06a20000 | 0x06a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006a30000 | 0x06a30000 | 0x06a6ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000006a30000 | 0x06a30000 | 0x06a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006a40000 | 0x06a40000 | 0x06a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006a50000 | 0x06a50000 | 0x06a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006a60000 | 0x06a60000 | 0x06a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006a70000 | 0x06a70000 | 0x06aaffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000006a70000 | 0x06a70000 | 0x06a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006a80000 | 0x06a80000 | 0x06a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006a90000 | 0x06a90000 | 0x06a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006aa0000 | 0x06aa0000 | 0x06aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006ab0000 | 0x06ab0000 | 0x06aeffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000006ab0000 | 0x06ab0000 | 0x06ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006ac0000 | 0x06ac0000 | 0x06ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006ad0000 | 0x06ad0000 | 0x06ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006ae0000 | 0x06ae0000 | 0x06ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006af0000 | 0x06af0000 | 0x06b2ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000006af0000 | 0x06af0000 | 0x06af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006b00000 | 0x06b00000 | 0x06b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006b10000 | 0x06b10000 | 0x06b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006b20000 | 0x06b20000 | 0x06b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006b30000 | 0x06b30000 | 0x06b6ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000006b30000 | 0x06b30000 | 0x06b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006b40000 | 0x06b40000 | 0x06b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006b50000 | 0x06b50000 | 0x06b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006b60000 | 0x06b60000 | 0x06b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006b70000 | 0x06b70000 | 0x06baffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000006b70000 | 0x06b70000 | 0x06b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006b80000 | 0x06b80000 | 0x06b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006b90000 | 0x06b90000 | 0x06b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006ba0000 | 0x06ba0000 | 0x06ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006bb0000 | 0x06bb0000 | 0x06beffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000006bb0000 | 0x06bb0000 | 0x06bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006bc0000 | 0x06bc0000 | 0x06bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006bd0000 | 0x06bd0000 | 0x06bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006be0000 | 0x06be0000 | 0x06be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006bf0000 | 0x06bf0000 | 0x06c2ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000006bf0000 | 0x06bf0000 | 0x06bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006c00000 | 0x06c00000 | 0x06c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006c10000 | 0x06c10000 | 0x06c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006c20000 | 0x06c20000 | 0x06c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006c30000 | 0x06c30000 | 0x06c6ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000006c30000 | 0x06c30000 | 0x06c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006c40000 | 0x06c40000 | 0x06c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006c50000 | 0x06c50000 | 0x06c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006c60000 | 0x06c60000 | 0x06c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006c70000 | 0x06c70000 | 0x06caffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000006c70000 | 0x06c70000 | 0x06c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006c80000 | 0x06c80000 | 0x06c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006c90000 | 0x06c90000 | 0x06c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006ca0000 | 0x06ca0000 | 0x06ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006cb0000 | 0x06cb0000 | 0x06ceffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000006cb0000 | 0x06cb0000 | 0x06cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006cc0000 | 0x06cc0000 | 0x06cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006cd0000 | 0x06cd0000 | 0x06cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006ce0000 | 0x06ce0000 | 0x06ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006cf0000 | 0x06cf0000 | 0x06d2ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000006cf0000 | 0x06cf0000 | 0x06cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006d00000 | 0x06d00000 | 0x06d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006d10000 | 0x06d10000 | 0x06d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006d20000 | 0x06d20000 | 0x06d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006d30000 | 0x06d30000 | 0x06d6ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000006d30000 | 0x06d30000 | 0x06d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006d40000 | 0x06d40000 | 0x06d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006d50000 | 0x06d50000 | 0x06d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006d60000 | 0x06d60000 | 0x06d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006d70000 | 0x06d70000 | 0x06daffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000006d70000 | 0x06d70000 | 0x06d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006d80000 | 0x06d80000 | 0x06d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006d90000 | 0x06d90000 | 0x06d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006da0000 | 0x06da0000 | 0x06da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006db0000 | 0x06db0000 | 0x06deffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000006db0000 | 0x06db0000 | 0x06db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006dc0000 | 0x06dc0000 | 0x06dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006dd0000 | 0x06dd0000 | 0x06dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006de0000 | 0x06de0000 | 0x06de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006df0000 | 0x06df0000 | 0x06e2ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000006df0000 | 0x06df0000 | 0x06df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006e00000 | 0x06e00000 | 0x06e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006e10000 | 0x06e10000 | 0x06e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006e20000 | 0x06e20000 | 0x06e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006e30000 | 0x06e30000 | 0x06e6ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000006e30000 | 0x06e30000 | 0x06e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006e40000 | 0x06e40000 | 0x06e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006e50000 | 0x06e50000 | 0x06e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006e60000 | 0x06e60000 | 0x06e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006e70000 | 0x06e70000 | 0x06eaffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000006e70000 | 0x06e70000 | 0x06e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006e80000 | 0x06e80000 | 0x06e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006e90000 | 0x06e90000 | 0x06e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006ea0000 | 0x06ea0000 | 0x06ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006eb0000 | 0x06eb0000 | 0x06eeffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000006eb0000 | 0x06eb0000 | 0x06eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006ec0000 | 0x06ec0000 | 0x06ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006ed0000 | 0x06ed0000 | 0x06ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006ee0000 | 0x06ee0000 | 0x06ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006ef0000 | 0x06ef0000 | 0x06f2ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000006ef0000 | 0x06ef0000 | 0x06ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006f00000 | 0x06f00000 | 0x06f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006f10000 | 0x06f10000 | 0x06f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006f20000 | 0x06f20000 | 0x06f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006f30000 | 0x06f30000 | 0x06f6ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000006f30000 | 0x06f30000 | 0x06f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006f40000 | 0x06f40000 | 0x06f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006f50000 | 0x06f50000 | 0x06f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006f60000 | 0x06f60000 | 0x06f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006f70000 | 0x06f70000 | 0x06faffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000006f70000 | 0x06f70000 | 0x06f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006f80000 | 0x06f80000 | 0x06f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006f90000 | 0x06f90000 | 0x06f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006fa0000 | 0x06fa0000 | 0x06fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006fb0000 | 0x06fb0000 | 0x06feffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000006fb0000 | 0x06fb0000 | 0x06fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006fc0000 | 0x06fc0000 | 0x06fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006fd0000 | 0x06fd0000 | 0x06fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006fe0000 | 0x06fe0000 | 0x06fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000006ff0000 | 0x06ff0000 | 0x0702ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000006ff0000 | 0x06ff0000 | 0x06ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007000000 | 0x07000000 | 0x07000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007010000 | 0x07010000 | 0x07010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007020000 | 0x07020000 | 0x07020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007030000 | 0x07030000 | 0x0706ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007030000 | 0x07030000 | 0x07030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007040000 | 0x07040000 | 0x07040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007050000 | 0x07050000 | 0x07050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007060000 | 0x07060000 | 0x07060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007070000 | 0x07070000 | 0x070affff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007070000 | 0x07070000 | 0x07070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007080000 | 0x07080000 | 0x07080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007090000 | 0x07090000 | 0x07090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000070a0000 | 0x070a0000 | 0x070dffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000070b0000 | 0x070b0000 | 0x070effff | Private Memory | Readable, Writable | | | | |
| private_0x00000000070e0000 | 0x070e0000 | 0x0711ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007120000 | 0x07120000 | 0x07120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007130000 | 0x07130000 | 0x07130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007140000 | 0x07140000 | 0x07140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007150000 | 0x07150000 | 0x07150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007160000 | 0x07160000 | 0x0719ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007160000 | 0x07160000 | 0x07160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007170000 | 0x07170000 | 0x07170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007180000 | 0x07180000 | 0x07180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007190000 | 0x07190000 | 0x07190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000071a0000 | 0x071a0000 | 0x071dffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000071a0000 | 0x071a0000 | 0x071a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000071b0000 | 0x071b0000 | 0x071b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000071c0000 | 0x071c0000 | 0x071c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000071d0000 | 0x071d0000 | 0x0720ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000071e0000 | 0x071e0000 | 0x0721ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007210000 | 0x07210000 | 0x0724ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007250000 | 0x07250000 | 0x07250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007260000 | 0x07260000 | 0x07260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007270000 | 0x07270000 | 0x07270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007280000 | 0x07280000 | 0x07280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007290000 | 0x07290000 | 0x072cffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007290000 | 0x07290000 | 0x07290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000072a0000 | 0x072a0000 | 0x072a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000072b0000 | 0x072b0000 | 0x072b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000072c0000 | 0x072c0000 | 0x072c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000072d0000 | 0x072d0000 | 0x0730ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000072d0000 | 0x072d0000 | 0x072d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000072e0000 | 0x072e0000 | 0x072e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000072f0000 | 0x072f0000 | 0x072f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007300000 | 0x07300000 | 0x07300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007310000 | 0x07310000 | 0x0734ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007310000 | 0x07310000 | 0x07310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007320000 | 0x07320000 | 0x07320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007330000 | 0x07330000 | 0x07330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007340000 | 0x07340000 | 0x0737ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007350000 | 0x07350000 | 0x0738ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007380000 | 0x07380000 | 0x073bffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000073c0000 | 0x073c0000 | 0x073c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000073d0000 | 0x073d0000 | 0x073d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000073e0000 | 0x073e0000 | 0x073e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000073f0000 | 0x073f0000 | 0x073f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007400000 | 0x07400000 | 0x0743ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007400000 | 0x07400000 | 0x07400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007410000 | 0x07410000 | 0x07410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007420000 | 0x07420000 | 0x07420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007430000 | 0x07430000 | 0x07430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007440000 | 0x07440000 | 0x0747ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007440000 | 0x07440000 | 0x07440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007450000 | 0x07450000 | 0x07450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007460000 | 0x07460000 | 0x07460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007470000 | 0x07470000 | 0x07470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007480000 | 0x07480000 | 0x074bffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007480000 | 0x07480000 | 0x07480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007490000 | 0x07490000 | 0x07490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000074a0000 | 0x074a0000 | 0x074a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000074b0000 | 0x074b0000 | 0x074effff | Private Memory | Readable, Writable | | | | |
| private_0x00000000074c0000 | 0x074c0000 | 0x074fffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000074f0000 | 0x074f0000 | 0x0752ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007530000 | 0x07530000 | 0x07530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007540000 | 0x07540000 | 0x07540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007550000 | 0x07550000 | 0x07550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007560000 | 0x07560000 | 0x07560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007570000 | 0x07570000 | 0x075affff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007570000 | 0x07570000 | 0x07570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007580000 | 0x07580000 | 0x07580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007590000 | 0x07590000 | 0x07590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000075a0000 | 0x075a0000 | 0x075a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000075b0000 | 0x075b0000 | 0x075effff | Private Memory | Readable, Writable | | | | |
| private_0x00000000075b0000 | 0x075b0000 | 0x075b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000075c0000 | 0x075c0000 | 0x075c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000075d0000 | 0x075d0000 | 0x075d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000075e0000 | 0x075e0000 | 0x075e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000075f0000 | 0x075f0000 | 0x0762ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000075f0000 | 0x075f0000 | 0x075f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007600000 | 0x07600000 | 0x07600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007610000 | 0x07610000 | 0x07610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007620000 | 0x07620000 | 0x07620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007630000 | 0x07630000 | 0x0766ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007630000 | 0x07630000 | 0x07630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007640000 | 0x07640000 | 0x07640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007650000 | 0x07650000 | 0x07650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007660000 | 0x07660000 | 0x07660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007670000 | 0x07670000 | 0x076affff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007670000 | 0x07670000 | 0x07670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007680000 | 0x07680000 | 0x07680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007690000 | 0x07690000 | 0x07690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000076a0000 | 0x076a0000 | 0x076a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000076b0000 | 0x076b0000 | 0x076effff | Private Memory | Readable, Writable | | | | |
| private_0x00000000076b0000 | 0x076b0000 | 0x076b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000076c0000 | 0x076c0000 | 0x076c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000076d0000 | 0x076d0000 | 0x076d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000076e0000 | 0x076e0000 | 0x076e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000076f0000 | 0x076f0000 | 0x0772ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000076f0000 | 0x076f0000 | 0x076f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007700000 | 0x07700000 | 0x07700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007710000 | 0x07710000 | 0x07710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007720000 | 0x07720000 | 0x07720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007730000 | 0x07730000 | 0x0776ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007730000 | 0x07730000 | 0x07730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007740000 | 0x07740000 | 0x07740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007750000 | 0x07750000 | 0x07750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007760000 | 0x07760000 | 0x07760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007770000 | 0x07770000 | 0x077affff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007770000 | 0x07770000 | 0x07770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007780000 | 0x07780000 | 0x07780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007790000 | 0x07790000 | 0x07790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000077a0000 | 0x077a0000 | 0x077a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000077b0000 | 0x077b0000 | 0x077effff | Private Memory | Readable, Writable | | | | |
| private_0x00000000077b0000 | 0x077b0000 | 0x077b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000077c0000 | 0x077c0000 | 0x077c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000077d0000 | 0x077d0000 | 0x077d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000077e0000 | 0x077e0000 | 0x077e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000077f0000 | 0x077f0000 | 0x0782ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000077f0000 | 0x077f0000 | 0x077f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007800000 | 0x07800000 | 0x07800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007810000 | 0x07810000 | 0x07810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007820000 | 0x07820000 | 0x07820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007830000 | 0x07830000 | 0x0786ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007830000 | 0x07830000 | 0x07830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007840000 | 0x07840000 | 0x07840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007850000 | 0x07850000 | 0x07850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007860000 | 0x07860000 | 0x07860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007870000 | 0x07870000 | 0x078affff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007870000 | 0x07870000 | 0x07870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007880000 | 0x07880000 | 0x07880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007890000 | 0x07890000 | 0x07890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000078a0000 | 0x078a0000 | 0x078a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000078b0000 | 0x078b0000 | 0x078effff | Private Memory | Readable, Writable | | | | |
| private_0x00000000078b0000 | 0x078b0000 | 0x078b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000078c0000 | 0x078c0000 | 0x078c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000078d0000 | 0x078d0000 | 0x078d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000078e0000 | 0x078e0000 | 0x0791ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000078f0000 | 0x078f0000 | 0x0792ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007920000 | 0x07920000 | 0x0795ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007960000 | 0x07960000 | 0x07960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007970000 | 0x07970000 | 0x07970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007980000 | 0x07980000 | 0x07980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007990000 | 0x07990000 | 0x07990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000079a0000 | 0x079a0000 | 0x079dffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000079a0000 | 0x079a0000 | 0x079a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000079b0000 | 0x079b0000 | 0x079b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000079c0000 | 0x079c0000 | 0x079c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000079d0000 | 0x079d0000 | 0x079d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000079e0000 | 0x079e0000 | 0x07a1ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000079e0000 | 0x079e0000 | 0x079e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000079f0000 | 0x079f0000 | 0x079f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007a00000 | 0x07a00000 | 0x07a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007a10000 | 0x07a10000 | 0x07a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007a20000 | 0x07a20000 | 0x07a5ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007a20000 | 0x07a20000 | 0x07a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007a30000 | 0x07a30000 | 0x07a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007a40000 | 0x07a40000 | 0x07a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007a50000 | 0x07a50000 | 0x07a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007a60000 | 0x07a60000 | 0x07a9ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007a60000 | 0x07a60000 | 0x07a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007a70000 | 0x07a70000 | 0x07a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007a80000 | 0x07a80000 | 0x07a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007a90000 | 0x07a90000 | 0x07a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007aa0000 | 0x07aa0000 | 0x07adffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007aa0000 | 0x07aa0000 | 0x07aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007ab0000 | 0x07ab0000 | 0x07ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007ac0000 | 0x07ac0000 | 0x07ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007ad0000 | 0x07ad0000 | 0x07ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007ae0000 | 0x07ae0000 | 0x07b1ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007ae0000 | 0x07ae0000 | 0x07ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007af0000 | 0x07af0000 | 0x07af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007b00000 | 0x07b00000 | 0x07b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007b10000 | 0x07b10000 | 0x07b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007b20000 | 0x07b20000 | 0x07b5ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007b20000 | 0x07b20000 | 0x07b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007b30000 | 0x07b30000 | 0x07b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007b40000 | 0x07b40000 | 0x07b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007b50000 | 0x07b50000 | 0x07b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007b60000 | 0x07b60000 | 0x07b9ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007b60000 | 0x07b60000 | 0x07b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007b70000 | 0x07b70000 | 0x07b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007b80000 | 0x07b80000 | 0x07b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007b90000 | 0x07b90000 | 0x07b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007ba0000 | 0x07ba0000 | 0x07bdffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007ba0000 | 0x07ba0000 | 0x07ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007bb0000 | 0x07bb0000 | 0x07bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007bc0000 | 0x07bc0000 | 0x07bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007bd0000 | 0x07bd0000 | 0x07bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007be0000 | 0x07be0000 | 0x07c1ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007be0000 | 0x07be0000 | 0x07be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007bf0000 | 0x07bf0000 | 0x07bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007c00000 | 0x07c00000 | 0x07c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007c10000 | 0x07c10000 | 0x07c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007c20000 | 0x07c20000 | 0x07c5ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007c20000 | 0x07c20000 | 0x07c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007c30000 | 0x07c30000 | 0x07c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007c40000 | 0x07c40000 | 0x07c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007c50000 | 0x07c50000 | 0x07c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007c60000 | 0x07c60000 | 0x07c9ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007c60000 | 0x07c60000 | 0x07c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007c70000 | 0x07c70000 | 0x07c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007c80000 | 0x07c80000 | 0x07c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007c90000 | 0x07c90000 | 0x07c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007ca0000 | 0x07ca0000 | 0x07cdffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007ca0000 | 0x07ca0000 | 0x07ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007cb0000 | 0x07cb0000 | 0x07cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007cc0000 | 0x07cc0000 | 0x07cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007cd0000 | 0x07cd0000 | 0x07cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007ce0000 | 0x07ce0000 | 0x07d1ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007ce0000 | 0x07ce0000 | 0x07ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007cf0000 | 0x07cf0000 | 0x07cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007d00000 | 0x07d00000 | 0x07d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007d10000 | 0x07d10000 | 0x07d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007d20000 | 0x07d20000 | 0x07d5ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007d20000 | 0x07d20000 | 0x07d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007d30000 | 0x07d30000 | 0x07d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007d40000 | 0x07d40000 | 0x07d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007d50000 | 0x07d50000 | 0x07d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007d60000 | 0x07d60000 | 0x07d9ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007d60000 | 0x07d60000 | 0x07d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007d70000 | 0x07d70000 | 0x07d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007d80000 | 0x07d80000 | 0x07d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007d90000 | 0x07d90000 | 0x07d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007da0000 | 0x07da0000 | 0x07ddffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007da0000 | 0x07da0000 | 0x07da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007db0000 | 0x07db0000 | 0x07db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007dc0000 | 0x07dc0000 | 0x07dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007dd0000 | 0x07dd0000 | 0x07dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007de0000 | 0x07de0000 | 0x07e1ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007de0000 | 0x07de0000 | 0x07de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007df0000 | 0x07df0000 | 0x07df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007e00000 | 0x07e00000 | 0x07e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007e10000 | 0x07e10000 | 0x07e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007e20000 | 0x07e20000 | 0x07e5ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007e20000 | 0x07e20000 | 0x07e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007e30000 | 0x07e30000 | 0x07e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007e40000 | 0x07e40000 | 0x07e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007e50000 | 0x07e50000 | 0x07e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007e60000 | 0x07e60000 | 0x07e9ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007e60000 | 0x07e60000 | 0x07e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007e70000 | 0x07e70000 | 0x07e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007e80000 | 0x07e80000 | 0x07e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007e90000 | 0x07e90000 | 0x07e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007ea0000 | 0x07ea0000 | 0x07edffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007ea0000 | 0x07ea0000 | 0x07ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007eb0000 | 0x07eb0000 | 0x07eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007ec0000 | 0x07ec0000 | 0x07ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007ed0000 | 0x07ed0000 | 0x07ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007ee0000 | 0x07ee0000 | 0x07f1ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007ee0000 | 0x07ee0000 | 0x07ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007ef0000 | 0x07ef0000 | 0x07ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007f00000 | 0x07f00000 | 0x07f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007f10000 | 0x07f10000 | 0x07f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007f20000 | 0x07f20000 | 0x07f5ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007f20000 | 0x07f20000 | 0x07f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007f30000 | 0x07f30000 | 0x07f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007f40000 | 0x07f40000 | 0x07f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007f50000 | 0x07f50000 | 0x07f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007f60000 | 0x07f60000 | 0x07f9ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007f60000 | 0x07f60000 | 0x07f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007f70000 | 0x07f70000 | 0x07f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007f80000 | 0x07f80000 | 0x07f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007f90000 | 0x07f90000 | 0x07f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007fa0000 | 0x07fa0000 | 0x07fdffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007fa0000 | 0x07fa0000 | 0x07fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007fb0000 | 0x07fb0000 | 0x07fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007fc0000 | 0x07fc0000 | 0x07fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007fd0000 | 0x07fd0000 | 0x07fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007fe0000 | 0x07fe0000 | 0x0801ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000007fe0000 | 0x07fe0000 | 0x07fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000007ff0000 | 0x07ff0000 | 0x07ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008000000 | 0x08000000 | 0x08000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008010000 | 0x08010000 | 0x08010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008020000 | 0x08020000 | 0x0805ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008020000 | 0x08020000 | 0x08020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008030000 | 0x08030000 | 0x08030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008040000 | 0x08040000 | 0x08040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008050000 | 0x08050000 | 0x08050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008060000 | 0x08060000 | 0x0809ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008060000 | 0x08060000 | 0x08060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008070000 | 0x08070000 | 0x08070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008080000 | 0x08080000 | 0x08080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008090000 | 0x08090000 | 0x08090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000080a0000 | 0x080a0000 | 0x080dffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000080a0000 | 0x080a0000 | 0x080a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000080b0000 | 0x080b0000 | 0x080b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000080c0000 | 0x080c0000 | 0x080c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000080d0000 | 0x080d0000 | 0x080d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000080e0000 | 0x080e0000 | 0x0811ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000080e0000 | 0x080e0000 | 0x080e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000080f0000 | 0x080f0000 | 0x080f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008100000 | 0x08100000 | 0x08100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008110000 | 0x08110000 | 0x08110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008120000 | 0x08120000 | 0x0815ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008120000 | 0x08120000 | 0x08120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008130000 | 0x08130000 | 0x08130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008140000 | 0x08140000 | 0x08140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008150000 | 0x08150000 | 0x08150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008160000 | 0x08160000 | 0x0819ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008160000 | 0x08160000 | 0x08160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008170000 | 0x08170000 | 0x08170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008180000 | 0x08180000 | 0x08180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008190000 | 0x08190000 | 0x08190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000081a0000 | 0x081a0000 | 0x081dffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000081a0000 | 0x081a0000 | 0x081a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000081b0000 | 0x081b0000 | 0x081b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000081c0000 | 0x081c0000 | 0x081c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000081d0000 | 0x081d0000 | 0x081d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000081e0000 | 0x081e0000 | 0x0821ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000081e0000 | 0x081e0000 | 0x081e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000081f0000 | 0x081f0000 | 0x081f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008200000 | 0x08200000 | 0x08200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008210000 | 0x08210000 | 0x08210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008220000 | 0x08220000 | 0x0825ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008220000 | 0x08220000 | 0x08220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008230000 | 0x08230000 | 0x08230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008240000 | 0x08240000 | 0x08240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008250000 | 0x08250000 | 0x08250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008260000 | 0x08260000 | 0x0829ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008260000 | 0x08260000 | 0x08260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008270000 | 0x08270000 | 0x08270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008280000 | 0x08280000 | 0x08280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008290000 | 0x08290000 | 0x08290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000082a0000 | 0x082a0000 | 0x082dffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000082a0000 | 0x082a0000 | 0x082a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000082b0000 | 0x082b0000 | 0x082b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000082c0000 | 0x082c0000 | 0x082c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000082d0000 | 0x082d0000 | 0x082d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000082e0000 | 0x082e0000 | 0x0831ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000082e0000 | 0x082e0000 | 0x082e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000082f0000 | 0x082f0000 | 0x082f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008300000 | 0x08300000 | 0x08300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008310000 | 0x08310000 | 0x08310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008320000 | 0x08320000 | 0x0835ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008320000 | 0x08320000 | 0x08320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008330000 | 0x08330000 | 0x08330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008340000 | 0x08340000 | 0x08340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008350000 | 0x08350000 | 0x08350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008360000 | 0x08360000 | 0x0839ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008360000 | 0x08360000 | 0x08360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008370000 | 0x08370000 | 0x08370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008380000 | 0x08380000 | 0x08380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008390000 | 0x08390000 | 0x08390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000083a0000 | 0x083a0000 | 0x083dffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000083a0000 | 0x083a0000 | 0x083a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000083b0000 | 0x083b0000 | 0x083b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000083c0000 | 0x083c0000 | 0x083c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000083d0000 | 0x083d0000 | 0x083d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000083e0000 | 0x083e0000 | 0x0841ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000083e0000 | 0x083e0000 | 0x083e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000083f0000 | 0x083f0000 | 0x083f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008400000 | 0x08400000 | 0x08400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008410000 | 0x08410000 | 0x08410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008420000 | 0x08420000 | 0x0845ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008420000 | 0x08420000 | 0x08420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008430000 | 0x08430000 | 0x08430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008440000 | 0x08440000 | 0x08440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008450000 | 0x08450000 | 0x08450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008460000 | 0x08460000 | 0x0849ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008460000 | 0x08460000 | 0x08460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008470000 | 0x08470000 | 0x08470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008480000 | 0x08480000 | 0x08480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008490000 | 0x08490000 | 0x08490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000084a0000 | 0x084a0000 | 0x084dffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000084a0000 | 0x084a0000 | 0x084a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000084b0000 | 0x084b0000 | 0x084b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000084c0000 | 0x084c0000 | 0x084c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000084d0000 | 0x084d0000 | 0x084d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000084e0000 | 0x084e0000 | 0x0851ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000084e0000 | 0x084e0000 | 0x084e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000084f0000 | 0x084f0000 | 0x084f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008500000 | 0x08500000 | 0x08500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008510000 | 0x08510000 | 0x08510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008520000 | 0x08520000 | 0x0855ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008520000 | 0x08520000 | 0x08520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008530000 | 0x08530000 | 0x08530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008540000 | 0x08540000 | 0x08540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008550000 | 0x08550000 | 0x08550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008560000 | 0x08560000 | 0x0859ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008560000 | 0x08560000 | 0x08560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008570000 | 0x08570000 | 0x08570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008580000 | 0x08580000 | 0x08580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008590000 | 0x08590000 | 0x08590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000085a0000 | 0x085a0000 | 0x085dffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000085a0000 | 0x085a0000 | 0x085a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000085b0000 | 0x085b0000 | 0x085b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000085c0000 | 0x085c0000 | 0x085c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000085d0000 | 0x085d0000 | 0x085d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000085e0000 | 0x085e0000 | 0x0861ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000085e0000 | 0x085e0000 | 0x085e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000085f0000 | 0x085f0000 | 0x085f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008600000 | 0x08600000 | 0x08600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008610000 | 0x08610000 | 0x08610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008620000 | 0x08620000 | 0x0865ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008620000 | 0x08620000 | 0x08620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008630000 | 0x08630000 | 0x08630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008640000 | 0x08640000 | 0x08640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008650000 | 0x08650000 | 0x08650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008660000 | 0x08660000 | 0x0869ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008660000 | 0x08660000 | 0x08660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008670000 | 0x08670000 | 0x08670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008680000 | 0x08680000 | 0x08680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008690000 | 0x08690000 | 0x08690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000086a0000 | 0x086a0000 | 0x086dffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000086a0000 | 0x086a0000 | 0x086a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000086b0000 | 0x086b0000 | 0x086b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000086c0000 | 0x086c0000 | 0x086c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000086d0000 | 0x086d0000 | 0x086d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000086e0000 | 0x086e0000 | 0x0871ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000086e0000 | 0x086e0000 | 0x086e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000086f0000 | 0x086f0000 | 0x086f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008700000 | 0x08700000 | 0x08700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008710000 | 0x08710000 | 0x08710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008720000 | 0x08720000 | 0x0875ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008720000 | 0x08720000 | 0x08720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008730000 | 0x08730000 | 0x08730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008740000 | 0x08740000 | 0x08740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008750000 | 0x08750000 | 0x08750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008760000 | 0x08760000 | 0x0879ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008760000 | 0x08760000 | 0x08760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008770000 | 0x08770000 | 0x08770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008780000 | 0x08780000 | 0x08780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008790000 | 0x08790000 | 0x08790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000087a0000 | 0x087a0000 | 0x087dffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000087a0000 | 0x087a0000 | 0x087a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000087b0000 | 0x087b0000 | 0x087b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000087c0000 | 0x087c0000 | 0x087c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000087d0000 | 0x087d0000 | 0x087d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000087e0000 | 0x087e0000 | 0x0881ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000087e0000 | 0x087e0000 | 0x087e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000087f0000 | 0x087f0000 | 0x087f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008800000 | 0x08800000 | 0x08800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008810000 | 0x08810000 | 0x08810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008820000 | 0x08820000 | 0x0885ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008820000 | 0x08820000 | 0x08820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008830000 | 0x08830000 | 0x08830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008840000 | 0x08840000 | 0x08840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008850000 | 0x08850000 | 0x08850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008860000 | 0x08860000 | 0x0889ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008860000 | 0x08860000 | 0x08860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008870000 | 0x08870000 | 0x08870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008880000 | 0x08880000 | 0x08880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008890000 | 0x08890000 | 0x08890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000088a0000 | 0x088a0000 | 0x088dffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000088a0000 | 0x088a0000 | 0x088a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000088b0000 | 0x088b0000 | 0x088b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000088c0000 | 0x088c0000 | 0x088c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000088d0000 | 0x088d0000 | 0x088d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000088e0000 | 0x088e0000 | 0x0891ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000088e0000 | 0x088e0000 | 0x088e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000088f0000 | 0x088f0000 | 0x088f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008900000 | 0x08900000 | 0x08900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008910000 | 0x08910000 | 0x08910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008920000 | 0x08920000 | 0x0895ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008920000 | 0x08920000 | 0x08920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008930000 | 0x08930000 | 0x08930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008940000 | 0x08940000 | 0x08940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008950000 | 0x08950000 | 0x08950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008960000 | 0x08960000 | 0x0899ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008960000 | 0x08960000 | 0x08960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008970000 | 0x08970000 | 0x08970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008980000 | 0x08980000 | 0x08980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008990000 | 0x08990000 | 0x08990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000089a0000 | 0x089a0000 | 0x089dffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000089a0000 | 0x089a0000 | 0x089a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000089b0000 | 0x089b0000 | 0x089b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000089c0000 | 0x089c0000 | 0x089c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000089d0000 | 0x089d0000 | 0x089d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000089e0000 | 0x089e0000 | 0x08a1ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000089e0000 | 0x089e0000 | 0x089e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000089f0000 | 0x089f0000 | 0x089f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008a00000 | 0x08a00000 | 0x08a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008a10000 | 0x08a10000 | 0x08a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008a20000 | 0x08a20000 | 0x08a5ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008a20000 | 0x08a20000 | 0x08a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008a30000 | 0x08a30000 | 0x08a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008a40000 | 0x08a40000 | 0x08a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008a50000 | 0x08a50000 | 0x08a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008a60000 | 0x08a60000 | 0x08a9ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008a60000 | 0x08a60000 | 0x08a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008a70000 | 0x08a70000 | 0x08a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008a80000 | 0x08a80000 | 0x08a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008a90000 | 0x08a90000 | 0x08a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008aa0000 | 0x08aa0000 | 0x08adffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008aa0000 | 0x08aa0000 | 0x08aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008ab0000 | 0x08ab0000 | 0x08ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008ac0000 | 0x08ac0000 | 0x08ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008ad0000 | 0x08ad0000 | 0x08ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008ae0000 | 0x08ae0000 | 0x08b1ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008ae0000 | 0x08ae0000 | 0x08ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008af0000 | 0x08af0000 | 0x08af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008b00000 | 0x08b00000 | 0x08b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008b10000 | 0x08b10000 | 0x08b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008b20000 | 0x08b20000 | 0x08b5ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008b20000 | 0x08b20000 | 0x08b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008b30000 | 0x08b30000 | 0x08b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008b40000 | 0x08b40000 | 0x08b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008b50000 | 0x08b50000 | 0x08b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008b60000 | 0x08b60000 | 0x08b9ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008b60000 | 0x08b60000 | 0x08b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008b70000 | 0x08b70000 | 0x08b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008b80000 | 0x08b80000 | 0x08b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008b90000 | 0x08b90000 | 0x08b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008ba0000 | 0x08ba0000 | 0x08bdffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008ba0000 | 0x08ba0000 | 0x08ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008bb0000 | 0x08bb0000 | 0x08bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008bc0000 | 0x08bc0000 | 0x08bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008bd0000 | 0x08bd0000 | 0x08bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008be0000 | 0x08be0000 | 0x08c1ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008be0000 | 0x08be0000 | 0x08be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008bf0000 | 0x08bf0000 | 0x08bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008c00000 | 0x08c00000 | 0x08c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008c10000 | 0x08c10000 | 0x08c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008c20000 | 0x08c20000 | 0x08c5ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008c20000 | 0x08c20000 | 0x08c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008c30000 | 0x08c30000 | 0x08c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008c40000 | 0x08c40000 | 0x08c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008c50000 | 0x08c50000 | 0x08c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008c60000 | 0x08c60000 | 0x08c9ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008c60000 | 0x08c60000 | 0x08c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008c70000 | 0x08c70000 | 0x08c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008c80000 | 0x08c80000 | 0x08c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008c90000 | 0x08c90000 | 0x08c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008ca0000 | 0x08ca0000 | 0x08cdffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008ca0000 | 0x08ca0000 | 0x08ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008cb0000 | 0x08cb0000 | 0x08cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008cc0000 | 0x08cc0000 | 0x08cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008cd0000 | 0x08cd0000 | 0x08cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008ce0000 | 0x08ce0000 | 0x08d1ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008ce0000 | 0x08ce0000 | 0x08ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008cf0000 | 0x08cf0000 | 0x08cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008d00000 | 0x08d00000 | 0x08d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008d10000 | 0x08d10000 | 0x08d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008d20000 | 0x08d20000 | 0x08d5ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008d20000 | 0x08d20000 | 0x08d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008d30000 | 0x08d30000 | 0x08d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008d40000 | 0x08d40000 | 0x08d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008d50000 | 0x08d50000 | 0x08d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008d60000 | 0x08d60000 | 0x08d9ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008d60000 | 0x08d60000 | 0x08d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008d70000 | 0x08d70000 | 0x08d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008d80000 | 0x08d80000 | 0x08d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008d90000 | 0x08d90000 | 0x08d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008da0000 | 0x08da0000 | 0x08ddffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008da0000 | 0x08da0000 | 0x08da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008db0000 | 0x08db0000 | 0x08db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008dc0000 | 0x08dc0000 | 0x08dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008dd0000 | 0x08dd0000 | 0x08dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008de0000 | 0x08de0000 | 0x08e1ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008de0000 | 0x08de0000 | 0x08de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008df0000 | 0x08df0000 | 0x08df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008e00000 | 0x08e00000 | 0x08e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008e10000 | 0x08e10000 | 0x08e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008e20000 | 0x08e20000 | 0x08e5ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008e20000 | 0x08e20000 | 0x08e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008e30000 | 0x08e30000 | 0x08e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008e40000 | 0x08e40000 | 0x08e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008e50000 | 0x08e50000 | 0x08e8ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008e60000 | 0x08e60000 | 0x08e9ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008e90000 | 0x08e90000 | 0x08ecffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008ed0000 | 0x08ed0000 | 0x08ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008ee0000 | 0x08ee0000 | 0x08ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008ef0000 | 0x08ef0000 | 0x08ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008f00000 | 0x08f00000 | 0x08f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008f10000 | 0x08f10000 | 0x08f4ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008f10000 | 0x08f10000 | 0x08f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008f20000 | 0x08f20000 | 0x08f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008f30000 | 0x08f30000 | 0x08f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008f40000 | 0x08f40000 | 0x08f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008f50000 | 0x08f50000 | 0x08f8ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008f50000 | 0x08f50000 | 0x08f8ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008f50000 | 0x08f50000 | 0x08f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008f60000 | 0x08f60000 | 0x08f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008f70000 | 0x08f70000 | 0x08f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008f80000 | 0x08f80000 | 0x08f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008f90000 | 0x08f90000 | 0x08fcffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008f90000 | 0x08f90000 | 0x08f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008fa0000 | 0x08fa0000 | 0x08fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008fb0000 | 0x08fb0000 | 0x08fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000008fc0000 | 0x08fc0000 | 0x08ffffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000008fd0000 | 0x08fd0000 | 0x0900ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009000000 | 0x09000000 | 0x0903ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009040000 | 0x09040000 | 0x09040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009050000 | 0x09050000 | 0x09050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009060000 | 0x09060000 | 0x09060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009070000 | 0x09070000 | 0x09070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009080000 | 0x09080000 | 0x090bffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009080000 | 0x09080000 | 0x09080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009090000 | 0x09090000 | 0x09090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000090a0000 | 0x090a0000 | 0x090a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000090b0000 | 0x090b0000 | 0x090b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000090c0000 | 0x090c0000 | 0x090fffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000090c0000 | 0x090c0000 | 0x090c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000090d0000 | 0x090d0000 | 0x090d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000090e0000 | 0x090e0000 | 0x090e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000090f0000 | 0x090f0000 | 0x090f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009100000 | 0x09100000 | 0x0913ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009100000 | 0x09100000 | 0x09100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009110000 | 0x09110000 | 0x09110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009120000 | 0x09120000 | 0x09120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009130000 | 0x09130000 | 0x09130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009140000 | 0x09140000 | 0x0917ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009140000 | 0x09140000 | 0x09140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009150000 | 0x09150000 | 0x09150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009160000 | 0x09160000 | 0x09160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009170000 | 0x09170000 | 0x09170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009180000 | 0x09180000 | 0x091bffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009180000 | 0x09180000 | 0x09180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009190000 | 0x09190000 | 0x09190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000091a0000 | 0x091a0000 | 0x091a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000091b0000 | 0x091b0000 | 0x091b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000091c0000 | 0x091c0000 | 0x091fffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000091c0000 | 0x091c0000 | 0x091c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000091d0000 | 0x091d0000 | 0x091d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000091e0000 | 0x091e0000 | 0x091e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000091f0000 | 0x091f0000 | 0x091f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009200000 | 0x09200000 | 0x0923ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009200000 | 0x09200000 | 0x09200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009210000 | 0x09210000 | 0x09210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009220000 | 0x09220000 | 0x09220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009230000 | 0x09230000 | 0x09230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009240000 | 0x09240000 | 0x0927ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009240000 | 0x09240000 | 0x09240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009250000 | 0x09250000 | 0x09250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009260000 | 0x09260000 | 0x09260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009270000 | 0x09270000 | 0x09270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009280000 | 0x09280000 | 0x092bffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009280000 | 0x09280000 | 0x09280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009290000 | 0x09290000 | 0x09290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000092a0000 | 0x092a0000 | 0x092a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000092b0000 | 0x092b0000 | 0x092b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000092c0000 | 0x092c0000 | 0x092fffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000092c0000 | 0x092c0000 | 0x092c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000092d0000 | 0x092d0000 | 0x092d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000092e0000 | 0x092e0000 | 0x092e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000092f0000 | 0x092f0000 | 0x092f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009300000 | 0x09300000 | 0x0933ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009300000 | 0x09300000 | 0x09300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009310000 | 0x09310000 | 0x09310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009320000 | 0x09320000 | 0x09320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009330000 | 0x09330000 | 0x09330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009340000 | 0x09340000 | 0x0937ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009340000 | 0x09340000 | 0x09340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009350000 | 0x09350000 | 0x09350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009360000 | 0x09360000 | 0x09360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009370000 | 0x09370000 | 0x09370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009380000 | 0x09380000 | 0x093bffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009380000 | 0x09380000 | 0x09380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009390000 | 0x09390000 | 0x09390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000093a0000 | 0x093a0000 | 0x093a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000093b0000 | 0x093b0000 | 0x093effff | Private Memory | Readable, Writable | | | | |
| private_0x00000000093c0000 | 0x093c0000 | 0x093fffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000093f0000 | 0x093f0000 | 0x0942ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009430000 | 0x09430000 | 0x09430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009440000 | 0x09440000 | 0x09440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009450000 | 0x09450000 | 0x09450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009460000 | 0x09460000 | 0x09460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009470000 | 0x09470000 | 0x094affff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009470000 | 0x09470000 | 0x09470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009480000 | 0x09480000 | 0x09480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009490000 | 0x09490000 | 0x09490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000094a0000 | 0x094a0000 | 0x094a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000094b0000 | 0x094b0000 | 0x094effff | Private Memory | Readable, Writable | | | | |
| private_0x00000000094b0000 | 0x094b0000 | 0x094b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000094c0000 | 0x094c0000 | 0x094c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000094d0000 | 0x094d0000 | 0x094d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000094e0000 | 0x094e0000 | 0x094e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000094f0000 | 0x094f0000 | 0x0952ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000094f0000 | 0x094f0000 | 0x094f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009500000 | 0x09500000 | 0x09500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009510000 | 0x09510000 | 0x09510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009520000 | 0x09520000 | 0x09520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009530000 | 0x09530000 | 0x0956ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009530000 | 0x09530000 | 0x09530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009540000 | 0x09540000 | 0x09540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009550000 | 0x09550000 | 0x09550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009560000 | 0x09560000 | 0x09560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009570000 | 0x09570000 | 0x095affff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009570000 | 0x09570000 | 0x09570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009580000 | 0x09580000 | 0x09580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009590000 | 0x09590000 | 0x09590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000095a0000 | 0x095a0000 | 0x095a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000095b0000 | 0x095b0000 | 0x095effff | Private Memory | Readable, Writable | | | | |
| private_0x00000000095b0000 | 0x095b0000 | 0x095b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000095c0000 | 0x095c0000 | 0x095c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000095d0000 | 0x095d0000 | 0x095d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000095e0000 | 0x095e0000 | 0x095e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000095f0000 | 0x095f0000 | 0x0962ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000095f0000 | 0x095f0000 | 0x095f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009600000 | 0x09600000 | 0x09600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009610000 | 0x09610000 | 0x09610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009620000 | 0x09620000 | 0x09620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009630000 | 0x09630000 | 0x0966ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009630000 | 0x09630000 | 0x09630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009640000 | 0x09640000 | 0x09640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009650000 | 0x09650000 | 0x09650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009660000 | 0x09660000 | 0x09660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009670000 | 0x09670000 | 0x096affff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009670000 | 0x09670000 | 0x09670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009680000 | 0x09680000 | 0x09680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009690000 | 0x09690000 | 0x09690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000096a0000 | 0x096a0000 | 0x096a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000096b0000 | 0x096b0000 | 0x096effff | Private Memory | Readable, Writable | | | | |
| private_0x00000000096b0000 | 0x096b0000 | 0x096b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000096c0000 | 0x096c0000 | 0x096c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000096d0000 | 0x096d0000 | 0x096d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000096e0000 | 0x096e0000 | 0x096e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000096f0000 | 0x096f0000 | 0x0972ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000096f0000 | 0x096f0000 | 0x096f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009700000 | 0x09700000 | 0x09700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009710000 | 0x09710000 | 0x09710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009720000 | 0x09720000 | 0x09720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009730000 | 0x09730000 | 0x0976ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009730000 | 0x09730000 | 0x09730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009740000 | 0x09740000 | 0x09740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009750000 | 0x09750000 | 0x09750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009760000 | 0x09760000 | 0x09760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009770000 | 0x09770000 | 0x097affff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009770000 | 0x09770000 | 0x09770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009780000 | 0x09780000 | 0x09780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009790000 | 0x09790000 | 0x09790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000097a0000 | 0x097a0000 | 0x097a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000097b0000 | 0x097b0000 | 0x097effff | Private Memory | Readable, Writable | | | | |
| private_0x00000000097b0000 | 0x097b0000 | 0x097b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000097c0000 | 0x097c0000 | 0x097c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000097d0000 | 0x097d0000 | 0x097d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000097e0000 | 0x097e0000 | 0x097e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000097f0000 | 0x097f0000 | 0x0982ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000097f0000 | 0x097f0000 | 0x097f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009800000 | 0x09800000 | 0x09800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009810000 | 0x09810000 | 0x09810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009820000 | 0x09820000 | 0x09820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009830000 | 0x09830000 | 0x0986ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009830000 | 0x09830000 | 0x09830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009840000 | 0x09840000 | 0x09840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009850000 | 0x09850000 | 0x09850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009860000 | 0x09860000 | 0x09860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009870000 | 0x09870000 | 0x098affff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009870000 | 0x09870000 | 0x09870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009880000 | 0x09880000 | 0x09880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009890000 | 0x09890000 | 0x09890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000098a0000 | 0x098a0000 | 0x098a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000098b0000 | 0x098b0000 | 0x098effff | Private Memory | Readable, Writable | | | | |
| private_0x00000000098b0000 | 0x098b0000 | 0x098b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000098c0000 | 0x098c0000 | 0x098c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000098d0000 | 0x098d0000 | 0x098d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000098e0000 | 0x098e0000 | 0x098e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000098f0000 | 0x098f0000 | 0x0992ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000098f0000 | 0x098f0000 | 0x098f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009900000 | 0x09900000 | 0x09900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009910000 | 0x09910000 | 0x09910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009920000 | 0x09920000 | 0x09920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009930000 | 0x09930000 | 0x0996ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009930000 | 0x09930000 | 0x09930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009940000 | 0x09940000 | 0x09940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009950000 | 0x09950000 | 0x09950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009960000 | 0x09960000 | 0x09960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009970000 | 0x09970000 | 0x099affff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009970000 | 0x09970000 | 0x09970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009980000 | 0x09980000 | 0x09980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009990000 | 0x09990000 | 0x09990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000099a0000 | 0x099a0000 | 0x099a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000099b0000 | 0x099b0000 | 0x099effff | Private Memory | Readable, Writable | | | | |
| private_0x00000000099b0000 | 0x099b0000 | 0x099b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000099c0000 | 0x099c0000 | 0x099c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000099d0000 | 0x099d0000 | 0x099d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000099e0000 | 0x099e0000 | 0x099e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000099f0000 | 0x099f0000 | 0x09a2ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000099f0000 | 0x099f0000 | 0x099f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009a00000 | 0x09a00000 | 0x09a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009a10000 | 0x09a10000 | 0x09a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009a20000 | 0x09a20000 | 0x09a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009a30000 | 0x09a30000 | 0x09a6ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009a30000 | 0x09a30000 | 0x09a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009a40000 | 0x09a40000 | 0x09a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009a50000 | 0x09a50000 | 0x09a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009a60000 | 0x09a60000 | 0x09a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009a70000 | 0x09a70000 | 0x09aaffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009a70000 | 0x09a70000 | 0x09a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009a80000 | 0x09a80000 | 0x09a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009a90000 | 0x09a90000 | 0x09a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009aa0000 | 0x09aa0000 | 0x09aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009ab0000 | 0x09ab0000 | 0x09aeffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009ab0000 | 0x09ab0000 | 0x09ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009ac0000 | 0x09ac0000 | 0x09ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009ad0000 | 0x09ad0000 | 0x09ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009ae0000 | 0x09ae0000 | 0x09ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009af0000 | 0x09af0000 | 0x09b2ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009af0000 | 0x09af0000 | 0x09af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009b00000 | 0x09b00000 | 0x09b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009b10000 | 0x09b10000 | 0x09b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009b20000 | 0x09b20000 | 0x09b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009b30000 | 0x09b30000 | 0x09b6ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009b30000 | 0x09b30000 | 0x09b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009b40000 | 0x09b40000 | 0x09b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009b50000 | 0x09b50000 | 0x09b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009b60000 | 0x09b60000 | 0x09b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009b70000 | 0x09b70000 | 0x09baffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009b70000 | 0x09b70000 | 0x09b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009b80000 | 0x09b80000 | 0x09b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009b90000 | 0x09b90000 | 0x09b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009ba0000 | 0x09ba0000 | 0x09ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009bb0000 | 0x09bb0000 | 0x09beffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009bb0000 | 0x09bb0000 | 0x09bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009bc0000 | 0x09bc0000 | 0x09bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009bd0000 | 0x09bd0000 | 0x09bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009be0000 | 0x09be0000 | 0x09be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009bf0000 | 0x09bf0000 | 0x09c2ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009bf0000 | 0x09bf0000 | 0x09bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009c00000 | 0x09c00000 | 0x09c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009c10000 | 0x09c10000 | 0x09c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009c20000 | 0x09c20000 | 0x09c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009c30000 | 0x09c30000 | 0x09c6ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009c30000 | 0x09c30000 | 0x09c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009c40000 | 0x09c40000 | 0x09c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009c50000 | 0x09c50000 | 0x09c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009c60000 | 0x09c60000 | 0x09c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009c70000 | 0x09c70000 | 0x09caffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009c70000 | 0x09c70000 | 0x09c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009c80000 | 0x09c80000 | 0x09c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009c90000 | 0x09c90000 | 0x09c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009ca0000 | 0x09ca0000 | 0x09ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009cb0000 | 0x09cb0000 | 0x09ceffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009cb0000 | 0x09cb0000 | 0x09cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009cc0000 | 0x09cc0000 | 0x09cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009cd0000 | 0x09cd0000 | 0x09cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009ce0000 | 0x09ce0000 | 0x09ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009cf0000 | 0x09cf0000 | 0x09d2ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009cf0000 | 0x09cf0000 | 0x09cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009d00000 | 0x09d00000 | 0x09d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009d10000 | 0x09d10000 | 0x09d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009d20000 | 0x09d20000 | 0x09d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009d30000 | 0x09d30000 | 0x09d6ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009d30000 | 0x09d30000 | 0x09d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009d40000 | 0x09d40000 | 0x09d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009d50000 | 0x09d50000 | 0x09d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009d60000 | 0x09d60000 | 0x09d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009d70000 | 0x09d70000 | 0x09daffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009d70000 | 0x09d70000 | 0x09d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009d80000 | 0x09d80000 | 0x09d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009d90000 | 0x09d90000 | 0x09d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009da0000 | 0x09da0000 | 0x09da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009db0000 | 0x09db0000 | 0x09deffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009db0000 | 0x09db0000 | 0x09db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009dc0000 | 0x09dc0000 | 0x09dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009dd0000 | 0x09dd0000 | 0x09dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009de0000 | 0x09de0000 | 0x09de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009df0000 | 0x09df0000 | 0x09e2ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009df0000 | 0x09df0000 | 0x09df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009e00000 | 0x09e00000 | 0x09e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009e10000 | 0x09e10000 | 0x09e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009e20000 | 0x09e20000 | 0x09e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009e30000 | 0x09e30000 | 0x09e6ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009e30000 | 0x09e30000 | 0x09e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009e40000 | 0x09e40000 | 0x09e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009e50000 | 0x09e50000 | 0x09e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009e60000 | 0x09e60000 | 0x09e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009e70000 | 0x09e70000 | 0x09eaffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009e70000 | 0x09e70000 | 0x09e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009e80000 | 0x09e80000 | 0x09e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009e90000 | 0x09e90000 | 0x09e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009ea0000 | 0x09ea0000 | 0x09ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009eb0000 | 0x09eb0000 | 0x09eeffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009eb0000 | 0x09eb0000 | 0x09eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009ec0000 | 0x09ec0000 | 0x09ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009ed0000 | 0x09ed0000 | 0x09ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009ee0000 | 0x09ee0000 | 0x09ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009ef0000 | 0x09ef0000 | 0x09f2ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009ef0000 | 0x09ef0000 | 0x09ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009f00000 | 0x09f00000 | 0x09f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009f10000 | 0x09f10000 | 0x09f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009f20000 | 0x09f20000 | 0x09f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009f30000 | 0x09f30000 | 0x09f6ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009f30000 | 0x09f30000 | 0x09f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009f40000 | 0x09f40000 | 0x09f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009f50000 | 0x09f50000 | 0x09f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009f60000 | 0x09f60000 | 0x09f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009f70000 | 0x09f70000 | 0x09faffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009f70000 | 0x09f70000 | 0x09f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009f80000 | 0x09f80000 | 0x09f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009f90000 | 0x09f90000 | 0x09f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009fa0000 | 0x09fa0000 | 0x09fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009fb0000 | 0x09fb0000 | 0x09feffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009fb0000 | 0x09fb0000 | 0x09fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009fc0000 | 0x09fc0000 | 0x09fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009fd0000 | 0x09fd0000 | 0x09fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009fe0000 | 0x09fe0000 | 0x09fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000009ff0000 | 0x09ff0000 | 0x0a02ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000009ff0000 | 0x09ff0000 | 0x09ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a000000 | 0x0a000000 | 0x0a000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a010000 | 0x0a010000 | 0x0a010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a020000 | 0x0a020000 | 0x0a020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a030000 | 0x0a030000 | 0x0a06ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a030000 | 0x0a030000 | 0x0a030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a040000 | 0x0a040000 | 0x0a040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a050000 | 0x0a050000 | 0x0a050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a060000 | 0x0a060000 | 0x0a060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a070000 | 0x0a070000 | 0x0a0affff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a070000 | 0x0a070000 | 0x0a070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a080000 | 0x0a080000 | 0x0a080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a090000 | 0x0a090000 | 0x0a090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a0a0000 | 0x0a0a0000 | 0x0a0a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a0b0000 | 0x0a0b0000 | 0x0a0effff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a0b0000 | 0x0a0b0000 | 0x0a0b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a0c0000 | 0x0a0c0000 | 0x0a0c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a0d0000 | 0x0a0d0000 | 0x0a0d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a0e0000 | 0x0a0e0000 | 0x0a0e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a0f0000 | 0x0a0f0000 | 0x0a12ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a0f0000 | 0x0a0f0000 | 0x0a0f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a100000 | 0x0a100000 | 0x0a100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a110000 | 0x0a110000 | 0x0a110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a120000 | 0x0a120000 | 0x0a120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a130000 | 0x0a130000 | 0x0a16ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a130000 | 0x0a130000 | 0x0a130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a140000 | 0x0a140000 | 0x0a140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a150000 | 0x0a150000 | 0x0a150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a160000 | 0x0a160000 | 0x0a160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a170000 | 0x0a170000 | 0x0a1affff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a170000 | 0x0a170000 | 0x0a170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a180000 | 0x0a180000 | 0x0a180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a190000 | 0x0a190000 | 0x0a190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a1a0000 | 0x0a1a0000 | 0x0a1a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a1b0000 | 0x0a1b0000 | 0x0a1effff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a1b0000 | 0x0a1b0000 | 0x0a1b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a1c0000 | 0x0a1c0000 | 0x0a1c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a1d0000 | 0x0a1d0000 | 0x0a1d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a1e0000 | 0x0a1e0000 | 0x0a1e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a1f0000 | 0x0a1f0000 | 0x0a22ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a1f0000 | 0x0a1f0000 | 0x0a1f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a200000 | 0x0a200000 | 0x0a200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a210000 | 0x0a210000 | 0x0a210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a220000 | 0x0a220000 | 0x0a220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a230000 | 0x0a230000 | 0x0a26ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a230000 | 0x0a230000 | 0x0a230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a240000 | 0x0a240000 | 0x0a240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a250000 | 0x0a250000 | 0x0a250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a260000 | 0x0a260000 | 0x0a260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a270000 | 0x0a270000 | 0x0a2affff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a270000 | 0x0a270000 | 0x0a270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a280000 | 0x0a280000 | 0x0a280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a290000 | 0x0a290000 | 0x0a290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a2a0000 | 0x0a2a0000 | 0x0a2a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a2b0000 | 0x0a2b0000 | 0x0a2effff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a2b0000 | 0x0a2b0000 | 0x0a2b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a2c0000 | 0x0a2c0000 | 0x0a2c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a2d0000 | 0x0a2d0000 | 0x0a2d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a2e0000 | 0x0a2e0000 | 0x0a2e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a2f0000 | 0x0a2f0000 | 0x0a32ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a2f0000 | 0x0a2f0000 | 0x0a2f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a300000 | 0x0a300000 | 0x0a300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a310000 | 0x0a310000 | 0x0a310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a320000 | 0x0a320000 | 0x0a320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a330000 | 0x0a330000 | 0x0a36ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a330000 | 0x0a330000 | 0x0a330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a340000 | 0x0a340000 | 0x0a340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a350000 | 0x0a350000 | 0x0a350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a360000 | 0x0a360000 | 0x0a360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a370000 | 0x0a370000 | 0x0a3affff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a370000 | 0x0a370000 | 0x0a370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a380000 | 0x0a380000 | 0x0a380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a390000 | 0x0a390000 | 0x0a390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a3a0000 | 0x0a3a0000 | 0x0a3a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a3b0000 | 0x0a3b0000 | 0x0a3effff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a3b0000 | 0x0a3b0000 | 0x0a3b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a3c0000 | 0x0a3c0000 | 0x0a3c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a3d0000 | 0x0a3d0000 | 0x0a3d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a3e0000 | 0x0a3e0000 | 0x0a3e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a3f0000 | 0x0a3f0000 | 0x0a42ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a3f0000 | 0x0a3f0000 | 0x0a3f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a400000 | 0x0a400000 | 0x0a400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a410000 | 0x0a410000 | 0x0a410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a420000 | 0x0a420000 | 0x0a420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a430000 | 0x0a430000 | 0x0a46ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a430000 | 0x0a430000 | 0x0a430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a440000 | 0x0a440000 | 0x0a440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a450000 | 0x0a450000 | 0x0a450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a460000 | 0x0a460000 | 0x0a460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a470000 | 0x0a470000 | 0x0a4affff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a470000 | 0x0a470000 | 0x0a470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a480000 | 0x0a480000 | 0x0a480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a490000 | 0x0a490000 | 0x0a490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a4a0000 | 0x0a4a0000 | 0x0a4a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a4b0000 | 0x0a4b0000 | 0x0a4effff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a4b0000 | 0x0a4b0000 | 0x0a4b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a4c0000 | 0x0a4c0000 | 0x0a4c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a4d0000 | 0x0a4d0000 | 0x0a4d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a4e0000 | 0x0a4e0000 | 0x0a4e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a4f0000 | 0x0a4f0000 | 0x0a52ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a4f0000 | 0x0a4f0000 | 0x0a4f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a500000 | 0x0a500000 | 0x0a500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a510000 | 0x0a510000 | 0x0a510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a520000 | 0x0a520000 | 0x0a520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a530000 | 0x0a530000 | 0x0a56ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a530000 | 0x0a530000 | 0x0a530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a540000 | 0x0a540000 | 0x0a540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a550000 | 0x0a550000 | 0x0a550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a560000 | 0x0a560000 | 0x0a560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a570000 | 0x0a570000 | 0x0a5affff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a570000 | 0x0a570000 | 0x0a570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a580000 | 0x0a580000 | 0x0a580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a590000 | 0x0a590000 | 0x0a590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a5a0000 | 0x0a5a0000 | 0x0a5a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a5b0000 | 0x0a5b0000 | 0x0a5effff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a5b0000 | 0x0a5b0000 | 0x0a5b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a5c0000 | 0x0a5c0000 | 0x0a5c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a5d0000 | 0x0a5d0000 | 0x0a5d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a5e0000 | 0x0a5e0000 | 0x0a5e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a5f0000 | 0x0a5f0000 | 0x0a62ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a5f0000 | 0x0a5f0000 | 0x0a5f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a600000 | 0x0a600000 | 0x0a600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a610000 | 0x0a610000 | 0x0a610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a620000 | 0x0a620000 | 0x0a65ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a630000 | 0x0a630000 | 0x0a66ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a660000 | 0x0a660000 | 0x0a69ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a6a0000 | 0x0a6a0000 | 0x0a6a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a6b0000 | 0x0a6b0000 | 0x0a6b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a6c0000 | 0x0a6c0000 | 0x0a6c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a6d0000 | 0x0a6d0000 | 0x0a6d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a6e0000 | 0x0a6e0000 | 0x0a71ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a6e0000 | 0x0a6e0000 | 0x0a6e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a6f0000 | 0x0a6f0000 | 0x0a6f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a700000 | 0x0a700000 | 0x0a700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a710000 | 0x0a710000 | 0x0a710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a720000 | 0x0a720000 | 0x0a75ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a720000 | 0x0a720000 | 0x0a720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a730000 | 0x0a730000 | 0x0a730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a740000 | 0x0a740000 | 0x0a740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a750000 | 0x0a750000 | 0x0a78ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a760000 | 0x0a760000 | 0x0a79ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a790000 | 0x0a790000 | 0x0a7cffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a7d0000 | 0x0a7d0000 | 0x0a7d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a7e0000 | 0x0a7e0000 | 0x0a7e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a7f0000 | 0x0a7f0000 | 0x0a7f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a800000 | 0x0a800000 | 0x0a800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a810000 | 0x0a810000 | 0x0a84ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a810000 | 0x0a810000 | 0x0a810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a820000 | 0x0a820000 | 0x0a820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a830000 | 0x0a830000 | 0x0a830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a840000 | 0x0a840000 | 0x0a87ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a850000 | 0x0a850000 | 0x0a88ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a880000 | 0x0a880000 | 0x0a8bffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a8c0000 | 0x0a8c0000 | 0x0a8c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a8d0000 | 0x0a8d0000 | 0x0a8d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a8e0000 | 0x0a8e0000 | 0x0a8e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a8f0000 | 0x0a8f0000 | 0x0a8f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a900000 | 0x0a900000 | 0x0a93ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a900000 | 0x0a900000 | 0x0a900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a910000 | 0x0a910000 | 0x0a910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a920000 | 0x0a920000 | 0x0a920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a930000 | 0x0a930000 | 0x0a930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a940000 | 0x0a940000 | 0x0a97ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a940000 | 0x0a940000 | 0x0a97ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a940000 | 0x0a940000 | 0x0a940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a950000 | 0x0a950000 | 0x0a950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a960000 | 0x0a960000 | 0x0a960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a970000 | 0x0a970000 | 0x0a970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a980000 | 0x0a980000 | 0x0a9bffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a980000 | 0x0a980000 | 0x0a980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a990000 | 0x0a990000 | 0x0a990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a9a0000 | 0x0a9a0000 | 0x0a9a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a9b0000 | 0x0a9b0000 | 0x0a9b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a9c0000 | 0x0a9c0000 | 0x0a9fffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000a9c0000 | 0x0a9c0000 | 0x0a9c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a9d0000 | 0x0a9d0000 | 0x0a9d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a9e0000 | 0x0a9e0000 | 0x0a9e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000a9f0000 | 0x0a9f0000 | 0x0a9f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000aa00000 | 0x0aa00000 | 0x0aa3ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000aa00000 | 0x0aa00000 | 0x0aa00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000aa10000 | 0x0aa10000 | 0x0aa10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000aa20000 | 0x0aa20000 | 0x0aa20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000aa30000 | 0x0aa30000 | 0x0aa30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000aa40000 | 0x0aa40000 | 0x0aa7ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000aa40000 | 0x0aa40000 | 0x0aa40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000aa50000 | 0x0aa50000 | 0x0aa50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000aa60000 | 0x0aa60000 | 0x0aa60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000aa70000 | 0x0aa70000 | 0x0aa70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000aa80000 | 0x0aa80000 | 0x0aabffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000aa80000 | 0x0aa80000 | 0x0aa80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000aa90000 | 0x0aa90000 | 0x0aa90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000aaa0000 | 0x0aaa0000 | 0x0aaa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000aab0000 | 0x0aab0000 | 0x0aaeffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000aac0000 | 0x0aac0000 | 0x0aafffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000aaf0000 | 0x0aaf0000 | 0x0ab2ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000ab30000 | 0x0ab30000 | 0x0ab30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ab40000 | 0x0ab40000 | 0x0ab40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ab50000 | 0x0ab50000 | 0x0ab50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ab60000 | 0x0ab60000 | 0x0ab60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ab70000 | 0x0ab70000 | 0x0abaffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000ab70000 | 0x0ab70000 | 0x0ab70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ab80000 | 0x0ab80000 | 0x0ab80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ab90000 | 0x0ab90000 | 0x0ab90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000aba0000 | 0x0aba0000 | 0x0aba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000abb0000 | 0x0abb0000 | 0x0abeffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000abb0000 | 0x0abb0000 | 0x0abeffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000abb0000 | 0x0abb0000 | 0x0abb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000abc0000 | 0x0abc0000 | 0x0abc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000abd0000 | 0x0abd0000 | 0x0abd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000abe0000 | 0x0abe0000 | 0x0abe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000abf0000 | 0x0abf0000 | 0x0ac2ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000abf0000 | 0x0abf0000 | 0x0abf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ac00000 | 0x0ac00000 | 0x0ac00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ac10000 | 0x0ac10000 | 0x0ac10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ac20000 | 0x0ac20000 | 0x0ac20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ac30000 | 0x0ac30000 | 0x0ac6ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000ac30000 | 0x0ac30000 | 0x0ac30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ac40000 | 0x0ac40000 | 0x0ac40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ac50000 | 0x0ac50000 | 0x0ac50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ac60000 | 0x0ac60000 | 0x0ac60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ac70000 | 0x0ac70000 | 0x0acaffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000ac70000 | 0x0ac70000 | 0x0ac70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ac80000 | 0x0ac80000 | 0x0ac80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ac90000 | 0x0ac90000 | 0x0ac90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000aca0000 | 0x0aca0000 | 0x0aca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000acb0000 | 0x0acb0000 | 0x0aceffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000acb0000 | 0x0acb0000 | 0x0acb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000acc0000 | 0x0acc0000 | 0x0acc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000acd0000 | 0x0acd0000 | 0x0acd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ace0000 | 0x0ace0000 | 0x0ace0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000acf0000 | 0x0acf0000 | 0x0ad2ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000acf0000 | 0x0acf0000 | 0x0acf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ad00000 | 0x0ad00000 | 0x0ad00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ad10000 | 0x0ad10000 | 0x0ad10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ad20000 | 0x0ad20000 | 0x0ad20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ad30000 | 0x0ad30000 | 0x0ad6ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000ad30000 | 0x0ad30000 | 0x0ad30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ad40000 | 0x0ad40000 | 0x0ad40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ad50000 | 0x0ad50000 | 0x0ad50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ad60000 | 0x0ad60000 | 0x0ad60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ad70000 | 0x0ad70000 | 0x0adaffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000ad70000 | 0x0ad70000 | 0x0ad70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ad80000 | 0x0ad80000 | 0x0ad80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ad90000 | 0x0ad90000 | 0x0ad90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ada0000 | 0x0ada0000 | 0x0ada0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000adb0000 | 0x0adb0000 | 0x0adeffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000adb0000 | 0x0adb0000 | 0x0adb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000adc0000 | 0x0adc0000 | 0x0adc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000add0000 | 0x0add0000 | 0x0add0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ade0000 | 0x0ade0000 | 0x0ade0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000adf0000 | 0x0adf0000 | 0x0ae2ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000adf0000 | 0x0adf0000 | 0x0adf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ae00000 | 0x0ae00000 | 0x0ae00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ae10000 | 0x0ae10000 | 0x0ae10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ae20000 | 0x0ae20000 | 0x0ae20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ae30000 | 0x0ae30000 | 0x0ae6ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000ae30000 | 0x0ae30000 | 0x0ae30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ae40000 | 0x0ae40000 | 0x0ae40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ae50000 | 0x0ae50000 | 0x0ae50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ae60000 | 0x0ae60000 | 0x0ae60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ae70000 | 0x0ae70000 | 0x0aeaffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000ae70000 | 0x0ae70000 | 0x0ae70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ae80000 | 0x0ae80000 | 0x0ae80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ae90000 | 0x0ae90000 | 0x0ae90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000aea0000 | 0x0aea0000 | 0x0aea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000aeb0000 | 0x0aeb0000 | 0x0aeeffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000aeb0000 | 0x0aeb0000 | 0x0aeb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000aec0000 | 0x0aec0000 | 0x0aec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000aed0000 | 0x0aed0000 | 0x0aed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000aee0000 | 0x0aee0000 | 0x0aee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000aef0000 | 0x0aef0000 | 0x0af2ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000aef0000 | 0x0aef0000 | 0x0aef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000af00000 | 0x0af00000 | 0x0af00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000af10000 | 0x0af10000 | 0x0af10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000af20000 | 0x0af20000 | 0x0af20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000af30000 | 0x0af30000 | 0x0af6ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000af30000 | 0x0af30000 | 0x0af30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000af40000 | 0x0af40000 | 0x0af40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000af50000 | 0x0af50000 | 0x0af50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000af60000 | 0x0af60000 | 0x0af60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000af70000 | 0x0af70000 | 0x0afaffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000af70000 | 0x0af70000 | 0x0af70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000af80000 | 0x0af80000 | 0x0af80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000af90000 | 0x0af90000 | 0x0af90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000afa0000 | 0x0afa0000 | 0x0afa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000afb0000 | 0x0afb0000 | 0x0afeffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000afb0000 | 0x0afb0000 | 0x0afb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000afc0000 | 0x0afc0000 | 0x0afc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000afd0000 | 0x0afd0000 | 0x0afd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000afe0000 | 0x0afe0000 | 0x0afe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000aff0000 | 0x0aff0000 | 0x0b02ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000aff0000 | 0x0aff0000 | 0x0aff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b000000 | 0x0b000000 | 0x0b000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b010000 | 0x0b010000 | 0x0b010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b020000 | 0x0b020000 | 0x0b05ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b030000 | 0x0b030000 | 0x0b06ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b060000 | 0x0b060000 | 0x0b09ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b0a0000 | 0x0b0a0000 | 0x0b0a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b0b0000 | 0x0b0b0000 | 0x0b0b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b0c0000 | 0x0b0c0000 | 0x0b0c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b0d0000 | 0x0b0d0000 | 0x0b0d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b0e0000 | 0x0b0e0000 | 0x0b11ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b0e0000 | 0x0b0e0000 | 0x0b0e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b0f0000 | 0x0b0f0000 | 0x0b0f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b100000 | 0x0b100000 | 0x0b100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b110000 | 0x0b110000 | 0x0b110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b120000 | 0x0b120000 | 0x0b15ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b120000 | 0x0b120000 | 0x0b120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b130000 | 0x0b130000 | 0x0b130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b140000 | 0x0b140000 | 0x0b140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b150000 | 0x0b150000 | 0x0b18ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b160000 | 0x0b160000 | 0x0b19ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b190000 | 0x0b190000 | 0x0b1cffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b1d0000 | 0x0b1d0000 | 0x0b1d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b1e0000 | 0x0b1e0000 | 0x0b1e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b1f0000 | 0x0b1f0000 | 0x0b1f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b200000 | 0x0b200000 | 0x0b200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b210000 | 0x0b210000 | 0x0b24ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b210000 | 0x0b210000 | 0x0b210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b220000 | 0x0b220000 | 0x0b220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b230000 | 0x0b230000 | 0x0b230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b240000 | 0x0b240000 | 0x0b240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b250000 | 0x0b250000 | 0x0b28ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b250000 | 0x0b250000 | 0x0b250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b260000 | 0x0b260000 | 0x0b260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b270000 | 0x0b270000 | 0x0b270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b280000 | 0x0b280000 | 0x0b280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b290000 | 0x0b290000 | 0x0b2cffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b290000 | 0x0b290000 | 0x0b290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b2a0000 | 0x0b2a0000 | 0x0b2a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b2b0000 | 0x0b2b0000 | 0x0b2b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b2c0000 | 0x0b2c0000 | 0x0b2fffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b2d0000 | 0x0b2d0000 | 0x0b30ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b300000 | 0x0b300000 | 0x0b33ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b340000 | 0x0b340000 | 0x0b340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b350000 | 0x0b350000 | 0x0b350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b360000 | 0x0b360000 | 0x0b360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b370000 | 0x0b370000 | 0x0b370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b380000 | 0x0b380000 | 0x0b3bffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b380000 | 0x0b380000 | 0x0b380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b390000 | 0x0b390000 | 0x0b390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b3a0000 | 0x0b3a0000 | 0x0b3a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b3b0000 | 0x0b3b0000 | 0x0b3b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b3c0000 | 0x0b3c0000 | 0x0b3fffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b3c0000 | 0x0b3c0000 | 0x0b3c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b3d0000 | 0x0b3d0000 | 0x0b3d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b3e0000 | 0x0b3e0000 | 0x0b3e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b3f0000 | 0x0b3f0000 | 0x0b3f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b400000 | 0x0b400000 | 0x0b43ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b400000 | 0x0b400000 | 0x0b43ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b400000 | 0x0b400000 | 0x0b400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b410000 | 0x0b410000 | 0x0b410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b420000 | 0x0b420000 | 0x0b420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b430000 | 0x0b430000 | 0x0b430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b440000 | 0x0b440000 | 0x0b47ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b440000 | 0x0b440000 | 0x0b440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b450000 | 0x0b450000 | 0x0b450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b460000 | 0x0b460000 | 0x0b460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b470000 | 0x0b470000 | 0x0b470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b480000 | 0x0b480000 | 0x0b4bffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b480000 | 0x0b480000 | 0x0b480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b490000 | 0x0b490000 | 0x0b490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b4a0000 | 0x0b4a0000 | 0x0b4a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b4b0000 | 0x0b4b0000 | 0x0b4b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b4c0000 | 0x0b4c0000 | 0x0b4fffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b4c0000 | 0x0b4c0000 | 0x0b4c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b4d0000 | 0x0b4d0000 | 0x0b4d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b4e0000 | 0x0b4e0000 | 0x0b4e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b4f0000 | 0x0b4f0000 | 0x0b4f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b500000 | 0x0b500000 | 0x0b53ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b500000 | 0x0b500000 | 0x0b500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b510000 | 0x0b510000 | 0x0b510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b520000 | 0x0b520000 | 0x0b520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b530000 | 0x0b530000 | 0x0b530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b540000 | 0x0b540000 | 0x0b57ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b540000 | 0x0b540000 | 0x0b540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b550000 | 0x0b550000 | 0x0b550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b560000 | 0x0b560000 | 0x0b560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b570000 | 0x0b570000 | 0x0b570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b580000 | 0x0b580000 | 0x0b5bffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b580000 | 0x0b580000 | 0x0b580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b590000 | 0x0b590000 | 0x0b590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b5a0000 | 0x0b5a0000 | 0x0b5a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b5b0000 | 0x0b5b0000 | 0x0b5b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b5c0000 | 0x0b5c0000 | 0x0b5fffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b5c0000 | 0x0b5c0000 | 0x0b5c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b5d0000 | 0x0b5d0000 | 0x0b5d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b5e0000 | 0x0b5e0000 | 0x0b5e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b5f0000 | 0x0b5f0000 | 0x0b5f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b600000 | 0x0b600000 | 0x0b63ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b600000 | 0x0b600000 | 0x0b600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b610000 | 0x0b610000 | 0x0b610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b620000 | 0x0b620000 | 0x0b620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b630000 | 0x0b630000 | 0x0b630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b640000 | 0x0b640000 | 0x0b67ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b640000 | 0x0b640000 | 0x0b640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b650000 | 0x0b650000 | 0x0b650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b660000 | 0x0b660000 | 0x0b660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b670000 | 0x0b670000 | 0x0b670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b680000 | 0x0b680000 | 0x0b6bffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b680000 | 0x0b680000 | 0x0b680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b690000 | 0x0b690000 | 0x0b690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b6a0000 | 0x0b6a0000 | 0x0b6a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b6b0000 | 0x0b6b0000 | 0x0b6b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b6c0000 | 0x0b6c0000 | 0x0b6fffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b6c0000 | 0x0b6c0000 | 0x0b6c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b6d0000 | 0x0b6d0000 | 0x0b6d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b6e0000 | 0x0b6e0000 | 0x0b6e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b6f0000 | 0x0b6f0000 | 0x0b6f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b700000 | 0x0b700000 | 0x0b73ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b700000 | 0x0b700000 | 0x0b700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b710000 | 0x0b710000 | 0x0b710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b720000 | 0x0b720000 | 0x0b720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b730000 | 0x0b730000 | 0x0b730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b740000 | 0x0b740000 | 0x0b77ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b740000 | 0x0b740000 | 0x0b740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b750000 | 0x0b750000 | 0x0b750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b760000 | 0x0b760000 | 0x0b760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b770000 | 0x0b770000 | 0x0b770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b780000 | 0x0b780000 | 0x0b7bffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b780000 | 0x0b780000 | 0x0b780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b790000 | 0x0b790000 | 0x0b790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b7a0000 | 0x0b7a0000 | 0x0b7a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b7b0000 | 0x0b7b0000 | 0x0b7b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b7c0000 | 0x0b7c0000 | 0x0b7fffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b7c0000 | 0x0b7c0000 | 0x0b7c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b7d0000 | 0x0b7d0000 | 0x0b7d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b7e0000 | 0x0b7e0000 | 0x0b7e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b7f0000 | 0x0b7f0000 | 0x0b82ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b800000 | 0x0b800000 | 0x0b83ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b830000 | 0x0b830000 | 0x0b86ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b870000 | 0x0b870000 | 0x0b870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b880000 | 0x0b880000 | 0x0b880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b890000 | 0x0b890000 | 0x0b890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b8a0000 | 0x0b8a0000 | 0x0b8a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b8b0000 | 0x0b8b0000 | 0x0b8effff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b8b0000 | 0x0b8b0000 | 0x0b8b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b8c0000 | 0x0b8c0000 | 0x0b8c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b8d0000 | 0x0b8d0000 | 0x0b8d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b8e0000 | 0x0b8e0000 | 0x0b91ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b8f0000 | 0x0b8f0000 | 0x0b92ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b920000 | 0x0b920000 | 0x0b920fff | Private Memory | Readable, Writable, Executable | | | | |
| msvfw32.dll.mui | 0x0b930000 | 0x0b931fff | Memory Mapped File | Readable | | | | |
| pagefile_0x000000000b940000 | 0x0b940000 | 0x0b941fff | Pagefile Backed Memory | Readable | | | | |
| avicap32.dll.mui | 0x0b950000 | 0x0b952fff | Memory Mapped File | Readable | | | | |
| private_0x000000000b960000 | 0x0b960000 | 0x0b99ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b9a0000 | 0x0b9a0000 | 0x0b9a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b9b0000 | 0x0b9b0000 | 0x0b9b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b9c0000 | 0x0b9c0000 | 0x0b9c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b9d0000 | 0x0b9d0000 | 0x0ba0ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000b9d0000 | 0x0b9d0000 | 0x0b9d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b9e0000 | 0x0b9e0000 | 0x0b9e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000b9f0000 | 0x0b9f0000 | 0x0b9f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ba00000 | 0x0ba00000 | 0x0ba00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ba10000 | 0x0ba10000 | 0x0ba4ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000ba10000 | 0x0ba10000 | 0x0ba10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ba20000 | 0x0ba20000 | 0x0ba20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ba30000 | 0x0ba30000 | 0x0ba30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ba40000 | 0x0ba40000 | 0x0ba40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ba50000 | 0x0ba50000 | 0x0ba8ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000ba50000 | 0x0ba50000 | 0x0ba50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ba60000 | 0x0ba60000 | 0x0ba60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ba70000 | 0x0ba70000 | 0x0ba70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ba80000 | 0x0ba80000 | 0x0ba80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000ba90000 | 0x0ba90000 | 0x0bacffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000ba90000 | 0x0ba90000 | 0x0ba90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000baa0000 | 0x0baa0000 | 0x0baa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bab0000 | 0x0bab0000 | 0x0bab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bac0000 | 0x0bac0000 | 0x0bac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bad0000 | 0x0bad0000 | 0x0bb0ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000bad0000 | 0x0bad0000 | 0x0bad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bae0000 | 0x0bae0000 | 0x0bae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000baf0000 | 0x0baf0000 | 0x0baf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bb00000 | 0x0bb00000 | 0x0bb00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bb10000 | 0x0bb10000 | 0x0bb4ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000bb10000 | 0x0bb10000 | 0x0bb10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bb20000 | 0x0bb20000 | 0x0bb20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bb30000 | 0x0bb30000 | 0x0bb30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bb40000 | 0x0bb40000 | 0x0bb40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bb50000 | 0x0bb50000 | 0x0bb8ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000bb50000 | 0x0bb50000 | 0x0bb50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bb60000 | 0x0bb60000 | 0x0bb60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bb70000 | 0x0bb70000 | 0x0bb70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bb80000 | 0x0bb80000 | 0x0bb80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bb90000 | 0x0bb90000 | 0x0bbcffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000bb90000 | 0x0bb90000 | 0x0bb90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bba0000 | 0x0bba0000 | 0x0bba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bbb0000 | 0x0bbb0000 | 0x0bbb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bbc0000 | 0x0bbc0000 | 0x0bbc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bbd0000 | 0x0bbd0000 | 0x0bc0ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000bbd0000 | 0x0bbd0000 | 0x0bbd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bbe0000 | 0x0bbe0000 | 0x0bbe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bbf0000 | 0x0bbf0000 | 0x0bbf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bc00000 | 0x0bc00000 | 0x0bc3ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000bc10000 | 0x0bc10000 | 0x0bc4ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000bc40000 | 0x0bc40000 | 0x0bc7ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000bc80000 | 0x0bc80000 | 0x0bc80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bc90000 | 0x0bc90000 | 0x0bc90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bca0000 | 0x0bca0000 | 0x0bca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bcb0000 | 0x0bcb0000 | 0x0bcb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bcc0000 | 0x0bcc0000 | 0x0bcfffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000bcc0000 | 0x0bcc0000 | 0x0bcc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bcd0000 | 0x0bcd0000 | 0x0bcd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bce0000 | 0x0bce0000 | 0x0bce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bcf0000 | 0x0bcf0000 | 0x0bcf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bd00000 | 0x0bd00000 | 0x0bd3ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000bd00000 | 0x0bd00000 | 0x0bd00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bd10000 | 0x0bd10000 | 0x0bd10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bd20000 | 0x0bd20000 | 0x0bd20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bd30000 | 0x0bd30000 | 0x0bd6ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000bd40000 | 0x0bd40000 | 0x0bd7ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000bd70000 | 0x0bd70000 | 0x0bdaffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000bdb0000 | 0x0bdb0000 | 0x0bdb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bdc0000 | 0x0bdc0000 | 0x0bdc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bdd0000 | 0x0bdd0000 | 0x0bdd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bde0000 | 0x0bde0000 | 0x0bde0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bdf0000 | 0x0bdf0000 | 0x0be2ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000bdf0000 | 0x0bdf0000 | 0x0bdf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000be00000 | 0x0be00000 | 0x0be00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000be10000 | 0x0be10000 | 0x0be10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000be20000 | 0x0be20000 | 0x0be20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000be30000 | 0x0be30000 | 0x0be6ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000be30000 | 0x0be30000 | 0x0be30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000be40000 | 0x0be40000 | 0x0be40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000be50000 | 0x0be50000 | 0x0be50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000be60000 | 0x0be60000 | 0x0be60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000be70000 | 0x0be70000 | 0x0beaffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000be70000 | 0x0be70000 | 0x0be70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000be80000 | 0x0be80000 | 0x0be80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000be90000 | 0x0be90000 | 0x0be90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bea0000 | 0x0bea0000 | 0x0bea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000beb0000 | 0x0beb0000 | 0x0beeffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000beb0000 | 0x0beb0000 | 0x0beb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bec0000 | 0x0bec0000 | 0x0bec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bed0000 | 0x0bed0000 | 0x0bed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bee0000 | 0x0bee0000 | 0x0bee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bef0000 | 0x0bef0000 | 0x0bf2ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000bef0000 | 0x0bef0000 | 0x0bef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bf00000 | 0x0bf00000 | 0x0bf00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bf10000 | 0x0bf10000 | 0x0bf10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bf20000 | 0x0bf20000 | 0x0bf20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bf30000 | 0x0bf30000 | 0x0bf6ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000bf30000 | 0x0bf30000 | 0x0bf30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bf40000 | 0x0bf40000 | 0x0bf40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bf50000 | 0x0bf50000 | 0x0bf50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bf60000 | 0x0bf60000 | 0x0bf60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bf70000 | 0x0bf70000 | 0x0bfaffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000bf70000 | 0x0bf70000 | 0x0bf70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bf80000 | 0x0bf80000 | 0x0bf80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bf90000 | 0x0bf90000 | 0x0bf90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bfa0000 | 0x0bfa0000 | 0x0bfa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bfb0000 | 0x0bfb0000 | 0x0bfeffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000bfb0000 | 0x0bfb0000 | 0x0bfb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bfc0000 | 0x0bfc0000 | 0x0bfc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bfd0000 | 0x0bfd0000 | 0x0bfd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000bfe0000 | 0x0bfe0000 | 0x0c01ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000bff0000 | 0x0bff0000 | 0x0c02ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000c020000 | 0x0c020000 | 0x0c05ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000c060000 | 0x0c060000 | 0x0c060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c070000 | 0x0c070000 | 0x0c070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c080000 | 0x0c080000 | 0x0c080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c090000 | 0x0c090000 | 0x0c090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c0a0000 | 0x0c0a0000 | 0x0c0dffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000c0a0000 | 0x0c0a0000 | 0x0c0a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c0b0000 | 0x0c0b0000 | 0x0c0b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c0c0000 | 0x0c0c0000 | 0x0c0c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c0d0000 | 0x0c0d0000 | 0x0c10ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000c0e0000 | 0x0c0e0000 | 0x0c11ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000c110000 | 0x0c110000 | 0x0c14ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000c150000 | 0x0c150000 | 0x0c150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c160000 | 0x0c160000 | 0x0c160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c170000 | 0x0c170000 | 0x0c170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c180000 | 0x0c180000 | 0x0c180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c190000 | 0x0c190000 | 0x0c1cffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000c190000 | 0x0c190000 | 0x0c190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c1a0000 | 0x0c1a0000 | 0x0c1a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c1b0000 | 0x0c1b0000 | 0x0c1b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c1c0000 | 0x0c1c0000 | 0x0c1c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c1d0000 | 0x0c1d0000 | 0x0c20ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000c1d0000 | 0x0c1d0000 | 0x0c20ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000c1d0000 | 0x0c1d0000 | 0x0c1d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c1e0000 | 0x0c1e0000 | 0x0c1e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c1f0000 | 0x0c1f0000 | 0x0c1f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c200000 | 0x0c200000 | 0x0c200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c210000 | 0x0c210000 | 0x0c24ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000c210000 | 0x0c210000 | 0x0c210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c220000 | 0x0c220000 | 0x0c220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c230000 | 0x0c230000 | 0x0c230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c240000 | 0x0c240000 | 0x0c240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c250000 | 0x0c250000 | 0x0c28ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000c250000 | 0x0c250000 | 0x0c250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c260000 | 0x0c260000 | 0x0c260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c270000 | 0x0c270000 | 0x0c270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c280000 | 0x0c280000 | 0x0c280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c290000 | 0x0c290000 | 0x0c2cffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000c290000 | 0x0c290000 | 0x0c290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c2a0000 | 0x0c2a0000 | 0x0c2a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c2b0000 | 0x0c2b0000 | 0x0c2b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c2c0000 | 0x0c2c0000 | 0x0c2c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c2d0000 | 0x0c2d0000 | 0x0c30ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000c2d0000 | 0x0c2d0000 | 0x0c2d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c2e0000 | 0x0c2e0000 | 0x0c2e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c2f0000 | 0x0c2f0000 | 0x0c2f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c300000 | 0x0c300000 | 0x0c300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c310000 | 0x0c310000 | 0x0c34ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000c310000 | 0x0c310000 | 0x0c310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c320000 | 0x0c320000 | 0x0c320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c330000 | 0x0c330000 | 0x0c330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c340000 | 0x0c340000 | 0x0c37ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000c350000 | 0x0c350000 | 0x0c38ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000c380000 | 0x0c380000 | 0x0c3bffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000c3c0000 | 0x0c3c0000 | 0x0c3c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c3d0000 | 0x0c3d0000 | 0x0c3d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c3e0000 | 0x0c3e0000 | 0x0c3e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c3f0000 | 0x0c3f0000 | 0x0c3f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c400000 | 0x0c400000 | 0x0c43ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000c400000 | 0x0c400000 | 0x0c400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c410000 | 0x0c410000 | 0x0c410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c420000 | 0x0c420000 | 0x0c420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c430000 | 0x0c430000 | 0x0c430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c440000 | 0x0c440000 | 0x0c47ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000c440000 | 0x0c440000 | 0x0c440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c450000 | 0x0c450000 | 0x0c450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c460000 | 0x0c460000 | 0x0c460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c470000 | 0x0c470000 | 0x0c470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c480000 | 0x0c480000 | 0x0c4bffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000c480000 | 0x0c480000 | 0x0c480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c490000 | 0x0c490000 | 0x0c490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000000c4a0000 | 0x0c4a0000 | 0x0c4dffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000c4c0000 | 0x0c4c0000 | 0x0c4fffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000c4e0000 | 0x0c4e0000 | 0x0c51ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000c520000 | 0x0c520000 | 0x0c55ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000c560000 | 0x0c560000 | 0x0c59ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000000c5a0000 | 0x0c5a0000 | 0x0c5a0fff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x000000000c5b0000 | 0x0c5b0000 | 0x0c5effff | Private Memory | Readable, Writable | | | | |
| private_0x000000000c5f0000 | 0x0c5f0000 | 0x0c62ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000000c630000 | 0x0c630000 | 0x0c630fff | Pagefile Backed Memory | Readable, Writable | | | | |
| pagefile_0x000000000c640000 | 0x0c640000 | 0x0c640fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000000c640000 | 0x0c640000 | 0x0c640fff | Pagefile Backed Memory | Readable | | | | |
| cversions.2.db | 0x0c640000 | 0x0c643fff | Memory Mapped File | Readable | | | | |
| pagefile_0x000000000c650000 | 0x0c650000 | 0x0c650fff | Pagefile Backed Memory | Readable | | | | |
| cversions.2.db | 0x0c660000 | 0x0c663fff | Memory Mapped File | Readable | | | | |
| private_0x000000000c670000 | 0x0c670000 | 0x0c67ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000c680000 | 0x0c680000 | 0x0c6bffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000c6c0000 | 0x0c6c0000 | 0x0c6fffff | Private Memory | Readable, Writable | | | | |
| shell32.dll.mui | 0x0c700000 | 0x0c760fff | Memory Mapped File | Readable | | | | |
| private_0x000000000c770000 | 0x0c770000 | 0x0c839fff | Private Memory | Readable, Writable | | | | |
| private_0x000000000c840000 | 0x0c840000 | 0x0c906fff | Private Memory | Readable, Writable | | | | |
| {6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db | 0x0c910000 | 0x0c952fff | Memory Mapped File | Readable | | | | |
| cversions.2.db | 0x0c960000 | 0x0c963fff | Memory Mapped File | Readable | | | | |
| propsys.dll.mui | 0x0c970000 | 0x0c980fff | Memory Mapped File | Readable | | | | |
| private_0x000000000c990000 | 0x0c990000 | 0x0c9cffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000c9d0000 | 0x0c9d0000 | 0x0cacffff | Private Memory | Readable, Writable | | | | |
| {DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db | 0x0cad0000 | 0x0cb5afff | Memory Mapped File | Readable | | | | |
| private_0x000000000cb60000 | 0x0cb60000 | 0x0cb9ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000000cbc0000 | 0x0cbc0000 | 0x0cbc6fff | Private Memory | Readable, Writable | | | | |
| private_0x000000000cc60000 | 0x0cc60000 | 0x0cddafff | Private Memory | Readable, Writable | | | | |
| private_0x000000000cde0000 | 0x0cde0000 | 0x0cedffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000010470000 | 0x10470000 | 0x104cbfff | Private Memory | Readable, Writable, Executable | | | | |
| wow64.dll | 0x53cc0000 | 0x53d0efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64cpu.dll | 0x53d10000 | 0x53d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64win.dll | 0x53d20000 | 0x53d92fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| iertutil.dll | 0x73aa0000 | 0x73d60fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| iertutil.dll | 0x73aa0000 | 0x73d60fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| iertutil.dll | 0x73aa0000 | 0x73d60fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| iertutil.dll | 0x73aa0000 | 0x73d60fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| iertutil.dll | 0x73aa0000 | 0x73d60fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| iertutil.dll | 0x73aa0000 | 0x73d60fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| iertutil.dll | 0x73aa0000 | 0x73d60fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| iertutil.dll | 0x73aa0000 | 0x73d60fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| iertutil.dll | 0x73aa0000 | 0x73d60fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| urlmon.dll | 0x73d70000 | 0x73ecffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| urlmon.dll | 0x73d70000 | 0x73ecffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| urlmon.dll | 0x73d70000 | 0x73ecffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| urlmon.dll | 0x73d70000 | 0x73ecffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| urlmon.dll | 0x73d70000 | 0x73ecffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| urlmon.dll | 0x73d70000 | 0x73ecffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| urlmon.dll | 0x73d70000 | 0x73ecffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| urlmon.dll | 0x73d70000 | 0x73ecffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| urlmon.dll | 0x73d70000 | 0x73ecffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rsaenh.dll | 0x73ed0000 | 0x73efefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bcrypt.dll | 0x73f00000 | 0x73f1afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cryptsp.dll | 0x73f20000 | 0x73f32fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| winnsi.dll | 0x73f40000 | 0x73f47fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| IPHLPAPI.DLL | 0x73f50000 | 0x73f7ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msacm32.dll | 0x73f80000 | 0x73f97fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| devobj.dll | 0x73fa0000 | 0x73fc0fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| winmmbase.dll | 0x73fd0000 | 0x73ff2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| comctl32.dll | 0x74000000 | 0x74208fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvfw32.dll | 0x74210000 | 0x74232fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| winmm.dll | 0x74240000 | 0x74263fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| avicap32.dll | 0x74270000 | 0x74283fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| GdiPlus.dll | 0x74290000 | 0x743fafff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wsock32.dll | 0x74400000 | 0x74407fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wininet.dll | 0x74410000 | 0x74633fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| mpr.dll | 0x74640000 | 0x74656fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| dxgi.dll | 0x74660000 | 0x746ddfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sppc.dll | 0x746e0000 | 0x746fcfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| slc.dll | 0x74700000 | 0x74720fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| userenv.dll | 0x74730000 | 0x74748fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| dcomp.dll | 0x74750000 | 0x747ebfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| twinapi.dll | 0x747f0000 | 0x74888fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| d3d11.dll | 0x74890000 | 0x74aa2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| dwmapi.dll | 0x74ab0000 | 0x74accfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| uxtheme.dll | 0x74ad0000 | 0x74b44fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| propsys.dll | 0x74b50000 | 0x74c91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| apphelp.dll | 0x74dc0000 | 0x74e50fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bcryptprimitives.dll | 0x74e60000 | 0x74eb8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cryptbase.dll | 0x74ec0000 | 0x74ec9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sspicli.dll | 0x74ed0000 | 0x74eedfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcrt.dll | 0x74ef0000 | 0x74fadfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| advapi32.dll | 0x74fb0000 | 0x7502afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| oleaut32.dll | 0x75030000 | 0x750c1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| powrprof.dll | 0x75280000 | 0x752c3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| KernelBase.dll | 0x752e0000 | 0x75455fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| imm32.dll | 0x75460000 | 0x7548afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| combase.dll | 0x75490000 | 0x75649fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel32.dll | 0x75650000 | 0x7573ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| gdi32.dll | 0x75790000 | 0x758dcfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cfgmgr32.dll | 0x75a60000 | 0x75a95fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SHCore.dll | 0x75aa0000 | 0x75b2cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ws2_32.dll | 0x75b90000 | 0x75bebfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| crypt32.dll | 0x75bf0000 | 0x75d64fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| profapi.dll | 0x75d70000 | 0x75d7efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msasn1.dll | 0x75d80000 | 0x75d8dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msctf.dll | 0x75d90000 | 0x75eaffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sechost.dll | 0x75eb0000 | 0x75ef2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| user32.dll | 0x75f10000 | 0x7604ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| nsi.dll | 0x76050000 | 0x76056fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel.appcore.dll | 0x76290000 | 0x7629bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shlwapi.dll | 0x762a0000 | 0x762e3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| clbcatq.dll | 0x762f0000 | 0x76371fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| windows.storage.dll | 0x76380000 | 0x7685cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rpcrt4.dll | 0x76860000 | 0x7690bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shell32.dll | 0x76910000 | 0x77ccefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ole32.dll | 0x77cd0000 | 0x77db9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x77dc0000 | 0x77f38fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x000000007f1cc000 | 0x7f1cc000 | 0x7f1cefff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f1cf000 | 0x7f1cf000 | 0x7f1d1fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f1d2000 | 0x7f1d2000 | 0x7f1d4fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f1d5000 | 0x7f1d5000 | 0x7f1d7fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f1d8000 | 0x7f1d8000 | 0x7f1dafff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f1db000 | 0x7f1db000 | 0x7f1ddfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f1db000 | 0x7f1db000 | 0x7f1ddfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f1de000 | 0x7f1de000 | 0x7f1e0fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f1e1000 | 0x7f1e1000 | 0x7f1e3fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f1e4000 | 0x7f1e4000 | 0x7f1e6fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f1e7000 | 0x7f1e7000 | 0x7f1e9fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f1ea000 | 0x7f1ea000 | 0x7f1ecfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f1ed000 | 0x7f1ed000 | 0x7f1effff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f1ed000 | 0x7f1ed000 | 0x7f1effff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f1f0000 | 0x7f1f0000 | 0x7f1f2fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f1f3000 | 0x7f1f3000 | 0x7f1f5fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f1f6000 | 0x7f1f6000 | 0x7f1f8fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f1f6000 | 0x7f1f6000 | 0x7f1f8fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f1f9000 | 0x7f1f9000 | 0x7f1fbfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f1f9000 | 0x7f1f9000 | 0x7f1fbfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f1fc000 | 0x7f1fc000 | 0x7f1fefff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f1ff000 | 0x7f1ff000 | 0x7f201fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f202000 | 0x7f202000 | 0x7f204fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f205000 | 0x7f205000 | 0x7f207fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f208000 | 0x7f208000 | 0x7f20afff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f208000 | 0x7f208000 | 0x7f20afff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f20b000 | 0x7f20b000 | 0x7f20dfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f20e000 | 0x7f20e000 | 0x7f210fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f211000 | 0x7f211000 | 0x7f213fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f214000 | 0x7f214000 | 0x7f216fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f217000 | 0x7f217000 | 0x7f219fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f21a000 | 0x7f21a000 | 0x7f21cfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f21d000 | 0x7f21d000 | 0x7f21ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000007f220000 | 0x7f220000 | 0x7f31ffff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000007f320000 | 0x7f320000 | 0x7f342fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000007f345000 | 0x7f345000 | 0x7f347fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f345000 | 0x7f345000 | 0x7f347fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f345000 | 0x7f345000 | 0x7f347fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f348000 | 0x7f348000 | 0x7f348fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f349000 | 0x7f349000 | 0x7f34bfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f34c000 | 0x7f34c000 | 0x7f34efff | Private Memory | Readable, Writable | | | | |
| private_0x000000007f34f000 | 0x7f34f000 | 0x7f34ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7dfb1ddcffff | Private Memory | Readable | | | | |
| pagefile_0x00007dfb1ddd0000 | 0x7dfb1ddd0000 | 0x7ffb1ddcffff | Pagefile Backed Memory | - | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x00007ffb1df92000 | 0x7ffb1df92000 | 0x7ffffffeffff | Private Memory | Readable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4740000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4750000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4760000, size = 210 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xd5c, address = 0x4760000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x47f0000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4800000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4810000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4820000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xd60, address = 0x4820000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4830000, size = 21 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4840000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4850000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4860000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xd84, address = 0x4860000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4870000, size = 21 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4880000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4890000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x48a0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xd98, address = 0x48a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4ab0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4ac0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4ad0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4ae0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xd9c, address = 0x4ae0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4af0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4b00000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4b10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4b20000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xda0, address = 0x4b20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4b30000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4b40000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4b50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4b60000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xda8, address = 0x4b60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4b70000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4b80000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4b90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4e30000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xdac, address = 0x4e30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4e40000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4e50000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4e60000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4e70000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xdb4, address = 0x4e70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6420000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6430000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6440000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6450000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xdb8, address = 0x6450000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6460000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6470000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6480000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6490000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xdbc, address = 0x6490000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x64a0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x64b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x64c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x64d0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xdc0, address = 0x64d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x64e0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x64f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6500000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6510000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xdc4, address = 0x6510000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6520000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6530000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6540000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x68a0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xdc8, address = 0x68a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x68b0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x68c0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x68d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x68e0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xdcc, address = 0x68e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x68f0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6900000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6910000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6920000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xdd0, address = 0x6920000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6930000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6940000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6950000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6960000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xdd4, address = 0x6960000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6970000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6980000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6990000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x69a0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xdd8, address = 0x69a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x69b0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x69c0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x69d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x69e0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xddc, address = 0x69e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x69f0000, size = 25 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6a00000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6a10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6a20000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xde0, address = 0x6a20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6a30000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6a40000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6a50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6a60000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xde4, address = 0x6a60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6a70000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6a80000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6a90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6aa0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xde8, address = 0x6aa0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6ab0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6ac0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6ad0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6ae0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xdec, address = 0x6ae0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6af0000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6b00000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6b10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6b20000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xdf0, address = 0x6b20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6b30000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6b40000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6b50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6b60000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xdf4, address = 0x6b60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6b70000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6b80000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6b90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6ba0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xdf8, address = 0x6ba0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6bb0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6bc0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6bd0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6be0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xdfc, address = 0x6be0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6bf0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6c00000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6c10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6c20000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe00, address = 0x6c20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6c30000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6c40000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6c50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6c60000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe04, address = 0x6c60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6c70000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6c80000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6c90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6ca0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe08, address = 0x6ca0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6cb0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6cc0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6cd0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6ce0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe0c, address = 0x6ce0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6cf0000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6d00000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6d10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6d20000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe10, address = 0x6d20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6d30000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6d40000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6d50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6d60000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe14, address = 0x6d60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6d70000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6d80000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6d90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6da0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe18, address = 0x6da0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6db0000, size = 8 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6dc0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6dd0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6de0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe1c, address = 0x6de0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6df0000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6e00000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6e10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6e20000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe20, address = 0x6e20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6e30000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6e40000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6e50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6e60000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe24, address = 0x6e60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6e70000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6e80000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6e90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6ea0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe28, address = 0x6ea0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6eb0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6ec0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6ed0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6ee0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe2c, address = 0x6ee0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6ef0000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6f00000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6f10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6f20000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe30, address = 0x6f20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6f30000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6f40000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6f50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6f60000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe34, address = 0x6f60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6f70000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6f80000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6f90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6fa0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe38, address = 0x6fa0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6fb0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6fc0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6fd0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6fe0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe3c, address = 0x6fe0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x6ff0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7000000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7010000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7020000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe40, address = 0x7020000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7030000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7040000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7050000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7060000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe44, address = 0x7060000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7070000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7080000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7090000, size = 210 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe48, address = 0x7090000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7120000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7130000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7140000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7150000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe4c, address = 0x7150000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7160000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7170000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7180000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7190000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe50, address = 0x7190000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x71a0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x71b0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x71c0000, size = 210 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe54, address = 0x71c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7250000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7260000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7270000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7280000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe58, address = 0x7280000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7290000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x72a0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x72b0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x72c0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe5c, address = 0x72c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x72d0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x72e0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x72f0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7300000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe60, address = 0x7300000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7310000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7320000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7330000, size = 210 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe64, address = 0x7330000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x73c0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x73d0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x73e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x73f0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe68, address = 0x73f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7400000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7410000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7420000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7430000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe6c, address = 0x7430000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7440000, size = 18 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7450000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7460000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7470000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe70, address = 0x7470000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7480000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7490000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x74a0000, size = 210 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe74, address = 0x74a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7530000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7540000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7550000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7560000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe78, address = 0x7560000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7570000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7580000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7590000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x75a0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe7c, address = 0x75a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x75b0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x75c0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x75d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x75e0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe80, address = 0x75e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x75f0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7600000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7610000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7620000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe84, address = 0x7620000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7630000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7640000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7650000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7660000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe88, address = 0x7660000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7670000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7680000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7690000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x76a0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe8c, address = 0x76a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x76b0000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x76c0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x76d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x76e0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe90, address = 0x76e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x76f0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7700000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7710000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7720000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe94, address = 0x7720000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7730000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7740000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7750000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7760000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe98, address = 0x7760000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7770000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7780000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7790000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x77a0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xe9c, address = 0x77a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x77b0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x77c0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x77d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x77e0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xea0, address = 0x77e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x77f0000, size = 22 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7800000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7810000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7820000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xea4, address = 0x7820000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7830000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7840000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7850000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7860000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xea8, address = 0x7860000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7870000, size = 22 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7880000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7890000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x78a0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xeac, address = 0x78a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x78b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x78c0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x78d0000, size = 210 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xeb8, address = 0x78d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7960000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7970000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7980000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7990000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xebc, address = 0x7990000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x79a0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x79b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x79c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x79d0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xec4, address = 0x79d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x79e0000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x79f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7a00000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7a10000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xec8, address = 0x7a10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7a20000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7a30000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7a40000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7a50000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xecc, address = 0x7a50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7a60000, size = 8 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7a70000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7a80000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7a90000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xed0, address = 0x7a90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7aa0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7ab0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7ac0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7ad0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xed4, address = 0x7ad0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7ae0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7af0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7b00000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7b10000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xed8, address = 0x7b10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7b20000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7b30000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7b40000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7b50000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xedc, address = 0x7b50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7b60000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7b70000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7b80000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7b90000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xee0, address = 0x7b90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7ba0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7bb0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7bc0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7bd0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xee4, address = 0x7bd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7be0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7bf0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7c00000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7c10000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xee8, address = 0x7c10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7c20000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7c30000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7c40000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7c50000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xeec, address = 0x7c50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7c60000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7c70000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7c80000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7c90000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xef0, address = 0x7c90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7ca0000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7cb0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7cc0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7cd0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xef4, address = 0x7cd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7ce0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7cf0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7d00000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7d10000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xef8, address = 0x7d10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7d20000, size = 6 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7d30000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7d40000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7d50000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xefc, address = 0x7d50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7d60000, size = 18 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7d70000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7d80000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7d90000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf00, address = 0x7d90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7da0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7db0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7dc0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7dd0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf04, address = 0x7dd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7de0000, size = 24 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7df0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7e00000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7e10000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf08, address = 0x7e10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7e20000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7e30000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7e40000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7e50000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf0c, address = 0x7e50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7e60000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7e70000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7e80000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7e90000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf10, address = 0x7e90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7ea0000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7eb0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7ec0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7ed0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf14, address = 0x7ed0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7ee0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7ef0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7f00000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7f10000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf18, address = 0x7f10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7f20000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7f30000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7f40000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7f50000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf1c, address = 0x7f50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7f60000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7f70000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7f80000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7f90000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf20, address = 0x7f90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7fa0000, size = 18 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7fb0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7fc0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7fd0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf24, address = 0x7fd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7fe0000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x7ff0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8000000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8010000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf28, address = 0x8010000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8020000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8030000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8040000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8050000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf2c, address = 0x8050000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8060000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8070000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8080000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8090000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf30, address = 0x8090000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x80a0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x80b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x80c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x80d0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf34, address = 0x80d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x80e0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x80f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8100000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8110000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf38, address = 0x8110000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8120000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8130000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8140000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8150000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf3c, address = 0x8150000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8160000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8170000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8180000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8190000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf40, address = 0x8190000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x81a0000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x81b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x81c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x81d0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf44, address = 0x81d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x81e0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x81f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8200000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8210000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf48, address = 0x8210000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8220000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8230000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8240000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8250000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf50, address = 0x8250000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8260000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8270000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8280000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8290000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf54, address = 0x8290000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x82a0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x82b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x82c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x82d0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf58, address = 0x82d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x82e0000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x82f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8300000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8310000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf5c, address = 0x8310000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8320000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8330000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8340000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8350000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf60, address = 0x8350000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8360000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8370000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8380000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8390000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf64, address = 0x8390000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x83a0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x83b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x83c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x83d0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf68, address = 0x83d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x83e0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x83f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8400000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8410000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf6c, address = 0x8410000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8420000, size = 22 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8430000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8440000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8450000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf70, address = 0x8450000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8460000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8470000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8480000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8490000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf74, address = 0x8490000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x84a0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x84b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x84c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x84d0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf78, address = 0x84d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x84e0000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x84f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8500000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8510000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf7c, address = 0x8510000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8520000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8530000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8540000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8550000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf80, address = 0x8550000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8560000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8570000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8580000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8590000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf84, address = 0x8590000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x85a0000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x85b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x85c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x85d0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf88, address = 0x85d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x85e0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x85f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8600000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8610000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf8c, address = 0x8610000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8620000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8630000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8640000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8650000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf90, address = 0x8650000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8660000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8670000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8680000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8690000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf94, address = 0x8690000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x86a0000, size = 24 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x86b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x86c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x86d0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf98, address = 0x86d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x86e0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x86f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8700000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8710000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xf9c, address = 0x8710000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8720000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8730000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8740000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8750000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xfa0, address = 0x8750000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8760000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8770000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8780000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8790000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xfa4, address = 0x8790000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x87a0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x87b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x87c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x87d0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xfa8, address = 0x87d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x87e0000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x87f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8800000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8810000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xfac, address = 0x8810000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8820000, size = 18 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8830000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8840000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8850000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xfb0, address = 0x8850000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8860000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8870000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8880000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8890000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xfb4, address = 0x8890000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x88a0000, size = 24 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x88b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x88c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x88d0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xfc0, address = 0x88d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x88e0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x88f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8900000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8910000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xfc4, address = 0x8910000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8920000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8930000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8940000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8950000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xfc8, address = 0x8950000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8960000, size = 18 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8970000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8980000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8990000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xfcc, address = 0x8990000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x89a0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x89b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x89c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x89d0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xfd0, address = 0x89d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x89e0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x89f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8a00000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8a10000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xfd4, address = 0x8a10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8a20000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8a30000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8a40000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8a50000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xfd8, address = 0x8a50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8a60000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8a70000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8a80000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8a90000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xfdc, address = 0x8a90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8aa0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8ab0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8ac0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8ad0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xfe0, address = 0x8ad0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8ae0000, size = 24 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8af0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8b00000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8b10000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xfe4, address = 0x8b10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8b20000, size = 22 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8b30000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8b40000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8b50000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xfe8, address = 0x8b50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8b60000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8b70000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8b80000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8b90000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xfec, address = 0x8b90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8ba0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8bb0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8bc0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8bd0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xff0, address = 0x8bd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8be0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8bf0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8c00000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8c10000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xff4, address = 0x8c10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8c20000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8c30000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8c40000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8c50000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xff8, address = 0x8c50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8c60000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8c70000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8c80000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8c90000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xffc, address = 0x8c90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8ca0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8cb0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8cc0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8cd0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x534, address = 0x8cd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8ce0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8cf0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8d00000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8d10000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x6d4, address = 0x8d10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8d20000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8d30000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8d40000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8d50000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xad4, address = 0x8d50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8d60000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8d70000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8d80000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8d90000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xa14, address = 0x8d90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8da0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8db0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8dc0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8dd0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x458, address = 0x8dd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8de0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8df0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8e00000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8e10000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x540, address = 0x8e10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8e20000, size = 8 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8e30000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8e40000, size = 210 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x2b0, address = 0x8e40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8ed0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8ee0000, size = 8 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8ef0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8f00000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xc44, address = 0x8f00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8f10000, size = 18 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8f20000, size = 8 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8f30000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8f40000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xc4c, address = 0x8f40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8f50000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8f60000, size = 8 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8f70000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8f80000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xc54, address = 0x8f80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8f90000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8fa0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x8fb0000, size = 210 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x59c, address = 0x8fb0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9040000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9050000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9060000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9070000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x224, address = 0x9070000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9080000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9090000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x90a0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x90b0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x2f8, address = 0x90b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x90c0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x90d0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x90e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x90f0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xc64, address = 0x90f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9100000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9110000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9120000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9130000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xa2c, address = 0x9130000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9140000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9150000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9160000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9170000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xb34, address = 0x9170000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9180000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9190000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x91a0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x91b0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x3f4, address = 0x91b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x91c0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x91d0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x91e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x91f0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x6ec, address = 0x91f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9200000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9210000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9220000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9230000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x358, address = 0x9230000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9240000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9250000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9260000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9270000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xc3c, address = 0x9270000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9280000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9290000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x92a0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x92b0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x8d0, address = 0x92b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x92c0000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x92d0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x92e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x92f0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x71c, address = 0x92f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9300000, size = 23 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9310000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9320000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9330000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x144, address = 0x9330000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9340000, size = 7 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9350000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9360000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9370000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x12c, address = 0x9370000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9380000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9390000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x93a0000, size = 210 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x6c0, address = 0x93a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9430000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9440000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9450000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9460000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xaec, address = 0x9460000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9470000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9480000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9490000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x94a0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x114, address = 0x94a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x94b0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x94c0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x94d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x94e0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x2a8, address = 0x94e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x94f0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9500000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9510000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9520000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x950, address = 0x9520000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9530000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9540000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9550000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9560000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x940, address = 0x9560000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9570000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9580000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9590000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x95a0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x954, address = 0x95a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x95b0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x95c0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x95d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x95e0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x41c, address = 0x95e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x95f0000, size = 8 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9600000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9610000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9620000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x398, address = 0x9620000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9630000, size = 22 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9640000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9650000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9660000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x438, address = 0x9660000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9670000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9680000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9690000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x96a0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x9dc, address = 0x96a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x96b0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x96c0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x96d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x96e0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x5e8, address = 0x96e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x96f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9700000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9710000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9720000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x668, address = 0x9720000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9730000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9740000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9750000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9760000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x8c0, address = 0x9760000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9770000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9780000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9790000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x97a0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xc94, address = 0x97a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x97b0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x97c0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x97d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x97e0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xc48, address = 0x97e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x97f0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9800000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9810000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9820000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xc50, address = 0x9820000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9830000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9840000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9850000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9860000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xc40, address = 0x9860000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9870000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9880000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9890000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x98a0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xc18, address = 0x98a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x98b0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x98c0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x98d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x98e0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xc24, address = 0x98e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x98f0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9900000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9910000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9920000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xc2c, address = 0x9920000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9930000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9940000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9950000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9960000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xc28, address = 0x9960000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9970000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9980000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9990000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x99a0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xc20, address = 0x99a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x99b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x99c0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x99d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x99e0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xc34, address = 0x99e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x99f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9a00000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9a10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9a20000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xc38, address = 0x9a20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9a30000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9a40000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9a50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9a60000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xc1c, address = 0x9a60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9a70000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9a80000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9a90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9aa0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xc0c, address = 0x9aa0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9ab0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9ac0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9ad0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9ae0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xc08, address = 0x9ae0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9af0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9b00000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9b10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9b20000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xc04, address = 0x9b20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9b30000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9b40000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9b50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9b60000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xca8, address = 0x9b60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9b70000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9b80000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9b90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9ba0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xcc0, address = 0x9ba0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9bb0000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9bc0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9bd0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9be0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x9d4, address = 0x9be0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9bf0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9c00000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9c10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9c20000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xcd4, address = 0x9c20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9c30000, size = 25 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9c40000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9c50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9c60000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x298, address = 0x9c60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9c70000, size = 21 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9c80000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9c90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9ca0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x9e0, address = 0x9ca0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9cb0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9cc0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9cd0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9ce0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x9e4, address = 0x9ce0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9cf0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9d00000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9d10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9d20000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x5dc, address = 0x9d20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9d30000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9d40000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9d50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9d60000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xcdc, address = 0x9d60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9d70000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9d80000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9d90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9da0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xbd0, address = 0x9da0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9db0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9dc0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9dd0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9de0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x508, address = 0x9de0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9df0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9e00000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9e10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9e20000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xc90, address = 0x9e20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9e30000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9e40000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9e50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9e60000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xcbc, address = 0x9e60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9e70000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9e80000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9e90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9ea0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xc8c, address = 0x9ea0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9eb0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9ec0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9ed0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9ee0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xc78, address = 0x9ee0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9ef0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9f00000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9f10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9f20000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xc84, address = 0x9f20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9f30000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9f40000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9f50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9f60000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xc88, address = 0x9f60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9f70000, size = 23 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9f80000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9f90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9fa0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xc98, address = 0x9fa0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9fb0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9fc0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9fd0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9fe0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xc7c, address = 0x9fe0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x9ff0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa000000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa010000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa020000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xcb8, address = 0xa020000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa030000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa040000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa050000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa060000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xc74, address = 0xa060000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa070000, size = 6 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa080000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa090000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa0a0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xca0, address = 0xa0a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa0b0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa0c0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa0d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa0e0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xcb0, address = 0xa0e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa0f0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa100000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa110000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa120000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xcb4, address = 0xa120000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa130000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa140000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa150000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa160000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xcc4, address = 0xa160000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa170000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa180000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa190000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa1a0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xca4, address = 0xa1a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa1b0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa1c0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa1d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa1e0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xc9c, address = 0xa1e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa1f0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa200000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa210000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa220000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xcd8, address = 0xa220000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa230000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa240000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa250000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa260000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x58c, address = 0xa260000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa270000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa280000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa290000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa2a0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x208, address = 0xa2a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa2b0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa2c0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa2d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa2e0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x664, address = 0xa2e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa2f0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa300000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa310000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa320000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x118, address = 0xa320000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa330000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa340000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa350000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa360000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x684, address = 0xa360000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa370000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa380000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa390000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa3a0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x648, address = 0xa3a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa3b0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa3c0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa3d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa3e0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xbc4, address = 0xa3e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa3f0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa400000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa410000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa420000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x75c, address = 0xa420000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa430000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa440000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa450000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa460000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xd28, address = 0xa460000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa470000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa480000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa490000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa4a0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x3c8, address = 0xa4a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa4b0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa4c0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa4d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa4e0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xd14, address = 0xa4e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa4f0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa500000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa510000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa520000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x268, address = 0xa520000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa530000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa540000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa550000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa560000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xd44, address = 0xa560000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa570000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa580000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa590000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa5a0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xda4, address = 0xa5a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa5b0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa5c0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa5d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa5e0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xd30, address = 0xa5e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa5f0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa600000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa610000, size = 210 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xc68, address = 0xa610000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa6a0000, size = 24 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa6b0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa6c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa6d0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x54c, address = 0xa6d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa6e0000, size = 26 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa6f0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa700000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa710000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xd2c, address = 0xa710000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa720000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa730000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa740000, size = 210 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xce4, address = 0xa740000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa7d0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa7e0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa7f0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa800000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xd10, address = 0xa800000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa810000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa820000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa830000, size = 210 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xa04, address = 0xa830000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa8c0000, size = 18 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa8d0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa8e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa8f0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x134, address = 0xa8f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa900000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa910000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa920000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa930000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x294, address = 0xa930000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa940000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa950000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa960000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa970000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xa0c, address = 0xa970000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa980000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa990000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa9a0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa9b0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xa68, address = 0xa9b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa9c0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa9d0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa9e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xa9f0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xa38, address = 0xa9f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xaa00000, size = 24 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xaa10000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xaa20000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xaa30000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xeb4, address = 0xaa30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xaa40000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xaa50000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xaa60000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xaa70000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xec0, address = 0xaa70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xaa80000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xaa90000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xaaa0000, size = 210 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xeb0, address = 0xaaa0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xab30000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xab40000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xab50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xab60000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x700, address = 0xab60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xab70000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xab80000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xab90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xaba0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xcac, address = 0xaba0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xabb0000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xabc0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xabd0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xabe0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x570, address = 0xabe0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xabf0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xac00000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xac10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xac20000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x94c, address = 0xac20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xac30000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xac40000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xac50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xac60000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x6e8, address = 0xac60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xac70000, size = 7 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xac80000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xac90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xaca0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x8c8, address = 0xaca0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xacb0000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xacc0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xacd0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xace0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x5b8, address = 0xace0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xacf0000, size = 5 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xad00000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xad10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xad20000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x728, address = 0xad20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xad30000, size = 7 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xad40000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xad50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xad60000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xb30, address = 0xad60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xad70000, size = 5 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xad80000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xad90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xada0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x33c, address = 0xada0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xadb0000, size = 6 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xadc0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xadd0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xade0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x804, address = 0xade0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xadf0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xae00000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xae10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xae20000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xd34, address = 0xae20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xae30000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xae40000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xae50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xae60000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xd94, address = 0xae60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xae70000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xae80000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xae90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xaea0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xd90, address = 0xaea0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xaeb0000, size = 6 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xaec0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xaed0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xaee0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xd7c, address = 0xaee0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xaef0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xaf00000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xaf10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xaf20000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xd88, address = 0xaf20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xaf30000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xaf40000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xaf50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xaf60000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xd8c, address = 0xaf60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xaf70000, size = 8 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xaf80000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xaf90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xafa0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xdb0, address = 0xafa0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xafb0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xafc0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xafd0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xafe0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xd80, address = 0xafe0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xaff0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb000000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb010000, size = 210 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0xd78, address = 0xb010000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb0a0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb0b0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb0c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb0d0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x1004, address = 0xb0d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb0e0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb0f0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb100000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb110000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x1008, address = 0xb110000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb120000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb130000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb140000, size = 210 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x100c, address = 0xb140000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb1d0000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb1e0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb1f0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb200000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x1010, address = 0xb200000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb210000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb220000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb230000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb240000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x1014, address = 0xb240000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb250000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb260000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb270000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb280000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x1018, address = 0xb280000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb290000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb2a0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb2b0000, size = 210 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x101c, address = 0xb2b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb340000, size = 21 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb350000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb360000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb370000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x1020, address = 0xb370000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb380000, size = 25 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb390000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb3a0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb3b0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x1024, address = 0xb3b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb3c0000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb3d0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb3e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb3f0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x1030, address = 0xb3f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb400000, size = 25 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb410000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb420000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb430000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x1034, address = 0xb430000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb440000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb450000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb460000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb470000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x1044, address = 0xb470000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb480000, size = 26 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb490000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb4a0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb4b0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x1048, address = 0xb4b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb4c0000, size = 28 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb4d0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb4e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb4f0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x104c, address = 0xb4f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb500000, size = 30 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb510000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb520000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb530000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x1050, address = 0xb530000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb540000, size = 25 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb550000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb560000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb570000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x105c, address = 0xb570000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb580000, size = 27 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb590000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb5a0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb5b0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x1068, address = 0xb5b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb5c0000, size = 24 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb5d0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb5e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb5f0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x106c, address = 0xb5f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb600000, size = 28 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb610000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb620000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb630000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x1074, address = 0xb630000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb640000, size = 22 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb650000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb660000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb670000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x107c, address = 0xb670000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb680000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb690000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb6a0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb6b0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x1080, address = 0xb6b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb6c0000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb6d0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb6e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb6f0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x1084, address = 0xb6f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb700000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb710000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb720000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb730000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x1088, address = 0xb730000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb740000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb750000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb760000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb770000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x108c, address = 0xb770000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb780000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb790000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb7a0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb7b0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x1090, address = 0xb7b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb7c0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb7d0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb7e0000, size = 210 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x1094, address = 0xb7e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb870000, size = 24 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb880000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb890000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb8a0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x1098, address = 0xb8a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb8b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb8c0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb8d0000, size = 210 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x109c, address = 0xb8d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb920000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb9a0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb9b0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb9c0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x10a0, address = 0xb9c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb9d0000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb9e0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xb9f0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xba00000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x10a4, address = 0xba00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xba10000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xba20000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xba30000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xba40000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x10a8, address = 0xba40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xba50000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xba60000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xba70000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xba80000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x10ac, address = 0xba80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xba90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbaa0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbab0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbac0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x10b0, address = 0xbac0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbad0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbae0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbaf0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbb00000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x10b4, address = 0xbb00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbb10000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbb20000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbb30000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbb40000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x10b8, address = 0xbb40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbb50000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbb60000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbb70000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbb80000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x10c0, address = 0xbb80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbb90000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbba0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbbb0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbbc0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x10c4, address = 0xbbc0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbbd0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbbe0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbbf0000, size = 210 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x10c8, address = 0xbbf0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbc80000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbc90000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbca0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbcb0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x10cc, address = 0xbcb0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbcc0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbcd0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbce0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbcf0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x10d0, address = 0xbcf0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbd00000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbd10000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbd20000, size = 210 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x10d4, address = 0xbd20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbdb0000, size = 22 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbdc0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbdd0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbde0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x10d8, address = 0xbde0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbdf0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbe00000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbe10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbe20000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x10dc, address = 0xbe20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbe30000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbe40000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbe50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbe60000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x10e0, address = 0xbe60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbe70000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbe80000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbe90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbea0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x10e4, address = 0xbea0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbeb0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbec0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbed0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbee0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x10e8, address = 0xbee0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbef0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbf00000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbf10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbf20000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x10ec, address = 0xbf20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbf30000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbf40000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbf50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbf60000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x10f0, address = 0xbf60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbf70000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbf80000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbf90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbfa0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x10f4, address = 0xbfa0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbfb0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbfc0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xbfd0000, size = 210 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x10f8, address = 0xbfd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc060000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc070000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc080000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc090000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x10fc, address = 0xc090000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc0a0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc0b0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc0c0000, size = 210 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x1100, address = 0xc0c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc150000, size = 25 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc160000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc170000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc180000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x1104, address = 0xc180000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc190000, size = 23 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc1a0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc1b0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc1c0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x1108, address = 0xc1c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc1d0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc1e0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc1f0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc200000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x110c, address = 0xc200000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc210000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc220000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc230000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc240000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x1110, address = 0xc240000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc250000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc260000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc270000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc280000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x1114, address = 0xc280000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc290000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc2a0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc2b0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc2c0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x1118, address = 0xc2c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc2d0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc2e0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc2f0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc300000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x111c, address = 0xc300000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc310000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc320000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc330000, size = 210 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x1120, address = 0xc330000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc3c0000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc3d0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc3e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc3f0000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x1124, address = 0xc3f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc400000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc410000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc420000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc430000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x1128, address = 0xc430000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc440000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc450000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc460000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc470000, size = 142 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x112c, address = 0xc470000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10470000, size = 376832 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc480000, size = 8 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xc490000, size = 313 | | 1 | |
| Create Remote Thread | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | os_thread_id = 0x1130, address = 0xc490000, flags = THREAD_RUNS_IMMEDIATELY | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| SYS | SLEEP | duration = -1 (infinite) | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThreadId, address = 0x75661b90 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedDecrement, address = 0x75667560 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address = 0x75667520 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address = 0x756675a0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address = 0x75662d60 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenA, address = 0x75673a30 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpynA, address = 0x7566f7b0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryExA, address = 0x75669f60 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetThreadLocale, address = 0x7566a4e0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoA, address = 0x75669730 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoA, address = 0x7566e240 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address = 0x75662db0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileA, address = 0x75676210 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address = 0x756761d0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address = 0x756774f0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address = 0x75669700 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address = 0x75676590 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = UnhandledExceptionFilter, address = 0x756928e0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address = 0x75676530 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = SetEndOfFile, address = 0x756764f0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = RtlUnwind, address = 0x75669a80 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address = 0x756764a0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = RaiseException, address = 0x75669ec0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetStdHandle, address = 0x7566a060 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSize, address = 0x75676360 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTime, address = 0x75674a60 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileType, address = 0x75676390 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address = 0x75676170 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address = 0x75675f20 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineA, address = 0x7566a3c0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = TlsSetValue, address = 0x75661da0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = TlsGetValue, address = 0x75661ba0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = TlsFree, address = 0x75669930 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = TlsAlloc, address = 0x75669a70 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address = 0x756687c0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LocalAlloc, address = 0x75668840 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameA, address = 0x7566a040 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address = 0x756698f0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address = 0x756625e0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address = 0x77dfbae0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address = 0x77dfda90 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address = 0x75667910 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | LOAD | module_name = user32.dll, base_address = 0x75f10000 | | 1 | |
| SYS | SLEEP | duration = -1 (infinite) | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = LoadStringA, address = 0x75f3e280 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = CharNextA, address = 0x75f3d030 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | LOAD | module_name = advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| SYS | SLEEP | duration = -1 (infinite) | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExA, address = 0x74fcee40 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExA, address = 0x74fcf000 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address = 0x74fcefa0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | LOAD | module_name = oleaut32.dll, base_address = 0x75030000 | | 1 | |
| SYS | SLEEP | duration = -1 (infinite) | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\oleaut32.dll, base_address = 0x75030000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\oleaut32.dll, function = SysFreeString, address = 0x75049230 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\oleaut32.dll, base_address = 0x75030000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\oleaut32.dll, function = SysReAllocStringLen, address = 0x75053ee0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\oleaut32.dll, base_address = 0x75030000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\oleaut32.dll, function = SysAllocStringLen, address = 0x750491a0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | LOAD | module_name = advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| SYS | SLEEP | duration = -1 (infinite) | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExA, address = 0x74fd0750 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExA, address = 0x74fcee40 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExA, address = 0x74fcf000 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyA, address = 0x74fd31a0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\advapi32.dll, function = RegEnumValueA, address = 0x74fd2540 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\advapi32.dll, function = RegEnumKeyExA, address = 0x74fd2520 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\advapi32.dll, function = RegDeleteValueA, address = 0x74fd0fb0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\advapi32.dll, function = RegDeleteKeyA, address = 0x74fcfc50 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\advapi32.dll, function = RegCreateKeyA, address = 0x74fd3150 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address = 0x74fcefa0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\advapi32.dll, function = OpenProcessToken, address = 0x74fcee90 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\advapi32.dll, function = LookupPrivilegeValueA, address = 0x74fe3e70 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\advapi32.dll, function = GetUserNameA, address = 0x74fd36d0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\advapi32.dll, function = AdjustTokenPrivileges, address = 0x74fd0680 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| SYS | SLEEP | duration = -1 (infinite) | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenA, address = 0x75673a30 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiA, address = 0x75667610 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = WriteProcessMemory, address = 0x75692ae0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address = 0x75676590 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = WinExec, address = 0x75690170 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address = 0x75676110 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualProtectEx, address = 0x75692a00 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualProtect, address = 0x75668c50 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFreeEx, address = 0x756929c0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address = 0x75668c70 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAllocEx, address = 0x756929a0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address = 0x75668b70 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = UnmapViewOfFile, address = 0x756694b0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = TerminateThread, address = 0x7566fcb0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address = 0x7566fbc0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadPriority, address = 0x75669490 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadContext, address = 0x75692700 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = SetNamedPipeHandleState, address = 0x75692600 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileTime, address = 0x75676550 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address = 0x75676530 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileAttributesA, address = 0x75676500 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address = 0x75668bf0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ResumeThread, address = 0x7566a280 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = RemoveDirectoryA, address = 0x756764d0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ReadProcessMemory, address = 0x75691ef0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address = 0x756764a0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address = 0x756692b0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = MoveFileA, address = 0x7566c240 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = MapViewOfFile, address = 0x75668c10 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address = 0x756687c0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsBadReadPtr, address = 0x75661ce0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address = 0x756625e0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address = 0x77dfda90 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalUnlock, address = 0x75662a10 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalSize, address = 0x756677c0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalReAlloc, address = 0x75662ba0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalMemoryStatus, address = 0x756692d0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalHandle, address = 0x7566e030 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalLock, address = 0x75661bc0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalFree, address = 0x75673a70 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalAlloc, address = 0x75669600 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeInformationA, address = 0x75676430 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExA, address = 0x75669fe0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address = 0x756757f0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetThreadLocale, address = 0x7566a4e0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetThreadContext, address = 0x7566eb70 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemInfo, address = 0x7566a1f0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetStartupInfoA, address = 0x75669730 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address = 0x75667910 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalDriveStringsA, address = 0x7568e9a0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoA, address = 0x7566e240 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetLocalTime, address = 0x75669a60 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address = 0x75662db0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSize, address = 0x75676360 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileAttributesA, address = 0x75676310 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetExitCodeThread, address = 0x7566eed0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetExitCodeProcess, address = 0x7566f6f0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentVariableA, address = 0x7566a390 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeA, address = 0x756762f0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address = 0x75661d90 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address = 0x75662da0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameA, address = 0x7566f4b0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address = 0x756698f0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileA, address = 0x75676270 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileA, address = 0x75676210 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address = 0x756761d0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = FileTimeToLocalFileTime, address = 0x756761c0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = FileTimeToDosDateTime, address = 0x75672360 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address = 0x756774f0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileA, address = 0x756761a0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address = 0x75669700 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateRemoteThread, address = 0x75690a00 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessA, address = 0x75690960 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreatePipe, address = 0x75660570 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateMutexA, address = 0x75675fb0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address = 0x75676170 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryA, address = 0x75676140 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileA, address = 0x7566c510 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address = 0x75675f20 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | LOAD | module_name = mpr.dll, base_address = 0x74640000 | | 1 | |
| SYS | SLEEP | duration = -1 (infinite) | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\mpr.dll, base_address = 0x74640000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\mpr.dll, function = WNetOpenEnumA, address = 0x7464d6c0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\mpr.dll, base_address = 0x74640000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\mpr.dll, function = WNetEnumResourceA, address = 0x7464cc80 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\mpr.dll, base_address = 0x74640000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\mpr.dll, function = WNetCloseEnum, address = 0x74643710 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | LOAD | module_name = gdi32.dll, base_address = 0x75790000 | | 1 | |
| SYS | SLEEP | duration = -1 (infinite) | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\gdi32.dll, base_address = 0x75790000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\gdi32.dll, function = SetTextColor, address = 0x75811c80 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\gdi32.dll, base_address = 0x75790000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\gdi32.dll, function = SetBkColor, address = 0x75811da0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\gdi32.dll, base_address = 0x75790000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\gdi32.dll, function = SelectObject, address = 0x7580fc80 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\gdi32.dll, base_address = 0x75790000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\gdi32.dll, function = GetObjectA, address = 0x75820530 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\gdi32.dll, base_address = 0x75790000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\gdi32.dll, function = GetDeviceCaps, address = 0x75810820 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\gdi32.dll, base_address = 0x75790000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\gdi32.dll, function = GetDIBits, address = 0x75810dc0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\gdi32.dll, base_address = 0x75790000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\gdi32.dll, function = DeleteObject, address = 0x75810050 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\gdi32.dll, base_address = 0x75790000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\gdi32.dll, function = DeleteDC, address = 0x75810550 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\gdi32.dll, base_address = 0x75790000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\gdi32.dll, function = CreateSolidBrush, address = 0x758123d0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\gdi32.dll, base_address = 0x75790000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\gdi32.dll, function = CreateFontA, address = 0x75841180 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\gdi32.dll, base_address = 0x75790000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleDC, address = 0x75811f90 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\gdi32.dll, base_address = 0x75790000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleBitmap, address = 0x758122d0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\gdi32.dll, base_address = 0x75790000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\gdi32.dll, function = BitBlt, address = 0x75812170 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | LOAD | module_name = user32.dll, base_address = 0x75f10000 | | 1 | |
| SYS | SLEEP | duration = -1 (infinite) | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = CreateWindowExA, address = 0x75f44720 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = wvsprintfA, address = 0x75f3ea20 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = mouse_event, address = 0x75f8fd40 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = keybd_event, address = 0x75f8fcf0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = UpdateWindow, address = 0x75f37020 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = UnregisterClassA, address = 0x75f40b00 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = TranslateMessage, address = 0x75f2b9d0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = ToAscii, address = 0x75f42920 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = SystemParametersInfoA, address = 0x75f40860 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = ShowWindow, address = 0x75f452a0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = SetWindowTextA, address = 0x75f345e0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = SetWindowPos, address = 0x75f44f70 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = SetWindowLongA, address = 0x75f40c20 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = SetPropA, address = 0x75f40e50 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = SetForegroundWindow, address = 0x75f2df70 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = SetCursor, address = 0x75f44ed0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = SetClipboardData, address = 0x75f413e0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = SendMessageA, address = 0x75f31460 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = ScreenToClient, address = 0x75f256d0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = RemovePropA, address = 0x75f41000 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = ReleaseDC, address = 0x75f289f0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = RegisterClassA, address = 0x75f43e50 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = PostMessageA, address = 0x75f3ce20 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = PeekMessageA, address = 0x75f2aa70 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = OpenClipboard, address = 0x75f41770 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = MessageBoxA, address = 0x75f8cf50 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = MapVirtualKeyA, address = 0x75f41fb0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = LoadIconA, address = 0x75f41ec0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = LoadCursorA, address = 0x75f41e90 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = IsWindowVisible, address = 0x75f36e80 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = IsWindow, address = 0x75f27130 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = InvalidateRect, address = 0x75f44d70 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = GetWindowThreadProcessId, address = 0x75f2ba70 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = GetWindowTextLengthA, address = 0x75f31670 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = GetWindowTextA, address = 0x75f34690 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = GetWindowRect, address = 0x75f25930 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = GetWindowLongA, address = 0x75f3cc90 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = GetSystemMetrics, address = 0x75f255d0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = GetSystemMenu, address = 0x75f45330 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = GetSysColor, address = 0x75f2c900 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = GetPropA, address = 0x75f3e230 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = GetWindow, address = 0x75f2b590 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = GetMessageA, address = 0x75f3cae0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = GetLastInputInfo, address = 0x75f3d000 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = GetKeyboardState, address = 0x75f454a0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = GetKeyboardLayoutNameA, address = 0x75f973f0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = GetKeyState, address = 0x75f2bdf0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = GetForegroundWindow, address = 0x75f450f0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = GetDesktopWindow, address = 0x75f21520 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = GetDC, address = 0x75f44dd0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = GetClipboardData, address = 0x75f429b0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = GetClientRect, address = 0x75f22650 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = GetClassNameA, address = 0x75f3d3c0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = GetClassInfoA, address = 0x75f3f1d0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = GetAsyncKeyState, address = 0x75f2c440 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = FindWindowExA, address = 0x75f97320 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = FindWindowA, address = 0x75f40980 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = FillRect, address = 0x75f32bb0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = ExitWindowsEx, address = 0x75f74de0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = EnumWindows, address = 0x75f3a0b0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = EnableWindow, address = 0x75f40a50 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = EnableMenuItem, address = 0x75f2e6a0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = EmptyClipboard, address = 0x75f45ca0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = DispatchMessageA, address = 0x75f40660 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = DestroyWindow, address = 0x75f456f0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = DefWindowProcA, address = 0x77e3ca90 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = CloseClipboard, address = 0x75f45a00 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = ClientToScreen, address = 0x75f22460 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = CallWindowProcA, address = 0x75f3c770 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = CharLowerA, address = 0x75f42b90 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75f10000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = CharUpperA, address = 0x75f431c0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | LOAD | module_name = ntdll.dll, base_address = 0x77dc0000 | | 1 | |
| SYS | SLEEP | duration = -1 (infinite) | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77dc0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\ntdll.dll, function = ZwSetInformationProcess, address = 0x77e28da0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77dc0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\ntdll.dll, function = ZwQueryInformationProcess, address = 0x77e28d50 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| SYS | SLEEP | duration = -1 (infinite) | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExW, address = 0x7566a2a0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | LOAD | module_name = wininet.dll, base_address = 0x74410000 | | 1 | |
| SYS | SLEEP | duration = -1 (infinite) | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\wininet.dll, base_address = 0x74410000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\wininet.dll, function = InternetWriteFile, address = 0x7446cb20 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\wininet.dll, base_address = 0x74410000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenA, address = 0x744825a0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\wininet.dll, base_address = 0x74410000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\wininet.dll, function = InternetConnectA, address = 0x744ab730 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\wininet.dll, base_address = 0x74410000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\wininet.dll, function = InternetCloseHandle, address = 0x74492410 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\wininet.dll, base_address = 0x74410000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\wininet.dll, function = FtpGetFileSize, address = 0x74559830 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\wininet.dll, base_address = 0x74410000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\wininet.dll, function = FtpSetCurrentDirectoryA, address = 0x74559ed0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\wininet.dll, base_address = 0x74410000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\wininet.dll, function = FtpOpenFileA, address = 0x74559a80 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | LOAD | module_name = wsock32.dll, base_address = 0x74400000 | | 1 | |
| SYS | SLEEP | duration = -1 (infinite) | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\wsock32.dll, base_address = 0x74400000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\wsock32.dll, function = WSACleanup, address = 0x75b9da00 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\wsock32.dll, base_address = 0x74400000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\wsock32.dll, function = WSAStartup, address = 0x75ba2420 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\wsock32.dll, base_address = 0x74400000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\wsock32.dll, function = WSAGetLastError, address = 0x75ba38d0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\wsock32.dll, base_address = 0x74400000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\wsock32.dll, function = gethostbyname, address = 0x75bbc790 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\wsock32.dll, base_address = 0x74400000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\wsock32.dll, function = gethostbyaddr, address = 0x75bbc600 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\wsock32.dll, base_address = 0x74400000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\wsock32.dll, function = socket, address = 0x75b99780 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\wsock32.dll, base_address = 0x74400000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\wsock32.dll, function = shutdown, address = 0x75ba14e0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\wsock32.dll, base_address = 0x74400000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\wsock32.dll, function = send, address = 0x75b9ce20 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\wsock32.dll, base_address = 0x74400000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\wsock32.dll, function = select, address = 0x75ba48e0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\wsock32.dll, base_address = 0x74400000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\wsock32.dll, function = recv, address = 0x74401440 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\wsock32.dll, base_address = 0x74400000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\wsock32.dll, function = ntohs, address = 0x75ba3650 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\wsock32.dll, base_address = 0x74400000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\wsock32.dll, function = ioctlsocket, address = 0x75b9d860 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\wsock32.dll, base_address = 0x74400000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\wsock32.dll, function = inet_ntoa, address = 0x75ba4b00 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\wsock32.dll, base_address = 0x74400000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\wsock32.dll, function = inet_addr, address = 0x75ba2e90 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\wsock32.dll, base_address = 0x74400000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\wsock32.dll, function = htons, address = 0x75ba3650 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\wsock32.dll, base_address = 0x74400000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\wsock32.dll, function = getsockname, address = 0x75b9e030 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\wsock32.dll, base_address = 0x74400000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\wsock32.dll, function = getpeername, address = 0x75ba12c0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\wsock32.dll, base_address = 0x74400000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\wsock32.dll, function = connect, address = 0x75ba33a0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\wsock32.dll, base_address = 0x74400000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\wsock32.dll, function = closesocket, address = 0x75b99ba0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | LOAD | module_name = ole32.dll, base_address = 0x77cd0000 | | 1 | |
| SYS | SLEEP | duration = -1 (infinite) | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\ole32.dll, base_address = 0x77cd0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\ole32.dll, function = CoUninitialize, address = 0x754fdca0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\ole32.dll, base_address = 0x77cd0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\ole32.dll, function = CoInitialize, address = 0x77cf43b0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | LOAD | module_name = ole32.dll, base_address = 0x77cd0000 | | 1 | |
| SYS | SLEEP | duration = -1 (infinite) | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\ole32.dll, base_address = 0x77cd0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\ole32.dll, function = CLSIDFromString, address = 0x75541390 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\ole32.dll, base_address = 0x77cd0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\ole32.dll, function = StringFromCLSID, address = 0x75501020 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\ole32.dll, base_address = 0x77cd0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\ole32.dll, function = CoTaskMemFree, address = 0x7551cf40 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | LOAD | module_name = gdiplus.dll, base_address = 0x74290000 | | 1 | |
| SYS | SLEEP | duration = -1 (infinite) | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = gdiplus.dll, base_address = 0x0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = Unknown module name, function = GdipGetImageEncoders, address = 0x0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, base_address = 0x74290000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, function = GdipGetImageEncodersSize, address = 0x742ef520 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, base_address = 0x74290000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, function = GdipDrawImageRectI, address = 0x742d7180 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, base_address = 0x74290000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, function = GdipSetInterpolationMode, address = 0x742d5ad0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, base_address = 0x74290000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, function = GdipDeleteGraphics, address = 0x742b92d0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, base_address = 0x74290000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, function = GdipCreateBitmapFromScan0, address = 0x742d31c0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, base_address = 0x74290000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, function = GdipCreateBitmapFromFileICM, address = 0x74324560 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, base_address = 0x74290000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, function = GdipCreateBitmapFromStreamICM, address = 0x743246f0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, base_address = 0x74290000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, function = GdipCreateBitmapFromFile, address = 0x742f32f0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, base_address = 0x74290000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, function = GdipCreateBitmapFromStream, address = 0x742f9f10 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, base_address = 0x74290000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, function = GdipGetImagePixelFormat, address = 0x742fd9f0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, base_address = 0x74290000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, function = GdipGetImageGraphicsContext, address = 0x742d3300 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, base_address = 0x74290000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, function = GdipSaveImageToStream, address = 0x742f4bd0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, base_address = 0x74290000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, function = GdipDisposeImage, address = 0x742f91c0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, base_address = 0x74290000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, function = GdiplusShutdown, address = 0x742fa7c0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, base_address = 0x74290000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, function = GdiplusStartup, address = 0x742fab50 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, base_address = 0x74290000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, function = GdipFree, address = 0x742d3810 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, base_address = 0x74290000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\gdiplus.dll, function = GdipAlloc, address = 0x742d3840 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | LOAD | module_name = AVICAP32.DLL, base_address = 0x74270000 | | 1 | |
| SYS | SLEEP | duration = -1 (infinite) | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\avicap32.dll, base_address = 0x74270000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\avicap32.dll, function = capCreateCaptureWindowA, address = 0x742721a0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | LOAD | module_name = advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| SYS | SLEEP | duration = -1 (infinite) | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\advapi32.dll, function = StartServiceA, address = 0x74fe6a40 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\advapi32.dll, function = QueryServiceStatus, address = 0x74fd39f0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\advapi32.dll, function = OpenServiceA, address = 0x74fe6590 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\advapi32.dll, function = OpenSCManagerA, address = 0x74fd0f30 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\advapi32.dll, function = EnumServicesStatusA, address = 0x74ffad50 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\advapi32.dll, function = DeleteService, address = 0x74fe5e30 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\advapi32.dll, function = CreateServiceA, address = 0x74fe5670 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\advapi32.dll, function = ControlService, address = 0x74fe55f0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\advapi32.dll, function = CloseServiceHandle, address = 0x74fd06a0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | |
| SYS | SLEEP | duration = -1 (infinite) | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\shell32.dll, base_address = 0x76910000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = SHGetFileInfoA, address = 0x76aaf7f0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\shell32.dll, base_address = 0x76910000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = DragQueryFileA, address = 0x76b5f900 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | LOAD | module_name = winmm.dll, base_address = 0x74240000 | | 1 | |
| SYS | SLEEP | duration = -1 (infinite) | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\winmm.dll, base_address = 0x74240000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\winmm.dll, function = waveInUnprepareHeader, address = 0x7424cd20 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\winmm.dll, base_address = 0x74240000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\winmm.dll, function = waveInStart, address = 0x7424cce0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\winmm.dll, base_address = 0x74240000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\winmm.dll, function = waveInReset, address = 0x7424ccc0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\winmm.dll, base_address = 0x74240000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\winmm.dll, function = waveInPrepareHeader, address = 0x7424cca0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\winmm.dll, base_address = 0x74240000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\winmm.dll, function = waveInOpen, address = 0x7424cc80 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\winmm.dll, base_address = 0x74240000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\winmm.dll, function = waveInClose, address = 0x7424cba0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\winmm.dll, base_address = 0x74240000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\winmm.dll, function = waveInAddBuffer, address = 0x7424cb80 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\winmm.dll, base_address = 0x74240000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\winmm.dll, function = mciSendStringA, address = 0x7424f380 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | LOAD | module_name = powrprof.dll, base_address = 0x75280000 | | 1 | |
| SYS | SLEEP | duration = -1 (infinite) | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\powrprof.dll, base_address = 0x75280000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\powrprof.dll, function = SetSuspendState, address = 0x75289ab0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | LOAD | module_name = msacm32.dll, base_address = 0x73f80000 | | 1 | |
| SYS | SLEEP | duration = -1 (infinite) | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\msacm32.dll, base_address = 0x73f80000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\msacm32.dll, function = acmStreamUnprepareHeader, address = 0x73f8ade0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\msacm32.dll, base_address = 0x73f80000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\msacm32.dll, function = acmStreamPrepareHeader, address = 0x73f8ab20 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\msacm32.dll, base_address = 0x73f80000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\msacm32.dll, function = acmStreamConvert, address = 0x73f8a440 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\msacm32.dll, base_address = 0x73f80000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\msacm32.dll, function = acmStreamReset, address = 0x73f8ac70 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\msacm32.dll, base_address = 0x73f80000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\msacm32.dll, function = acmStreamSize, address = 0x73f8ace0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\msacm32.dll, base_address = 0x73f80000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\msacm32.dll, function = acmStreamClose, address = 0x73f8a2f0 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\msacm32.dll, base_address = 0x73f80000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\msacm32.dll, function = acmStreamOpen, address = 0x73f8a630 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | LOAD | module_name = ADVAPI32.DLL, base_address = 0x74fb0000 | | 1 | |
| SYS | SLEEP | duration = -1 (infinite) | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\advapi32.dll, function = SetSecurityInfo, address = 0x74fd0400 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\advapi32.dll, function = SetEntriesInAclA, address = 0x74ff1500 | | 1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\advapi32.dll, function = GetSecurityInfo, address = 0x74fcf990 | | 1 |
| Category | Operation | Information | Success | Count | Logfile | |
|---|---|---|---|---|---|---|
| MOD | GET_FILENAME | file_name = | | 1 | ||
| MOD | GET_FILENAME | module_name = Unknown module name, file_name = C:\Windows\SysWOW64\explorer.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Borland\Locales | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Borland\Locales | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Borland\Delphi\Locales | | 1 | ||
| MOD | LOAD | module_name = iphlpapi.dll, base_address = 0x73f50000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\iphlpapi.dll, function = AllocateAndGetTcpExTableFromStack, address = 0x0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\iphlpapi.dll, function = AllocateAndGetUdpExTableFromStack, address = 0x0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\iphlpapi.dll, function = SetTcpEntry, address = 0x73f72050 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\iphlpapi.dll, function = GetExtendedTcpTable, address = 0x73f5b880 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\iphlpapi.dll, function = GetExtendedUdpTable, address = 0x73f5c0d0 | | 1 | ||
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | ||
| KEYBOARD | READ | virtual_key_code = KB_ALL | | 427 | ||
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | ||
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, create_disposition = OPEN_EXISTING | | 1 | ||
| FILE | READ | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780750 | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | ||
| FILE | CREATE | file_name = c:\windows\system32\install\svhost.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, create_disposition = OPEN_EXISTING | | 1 | ||
| FILE | READ | file_name = c:\windows\system32\install\svhost.exe, size = 1544704 | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Windows\system32\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_SAIR, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | LOAD | module_name = shell32.dll, base_address = 0x76910000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address = 0x76b72110 | | 1 | ||
| PROC | CREATE | process_name = C:\Windows\system32\install\svhost.exe, operation = open, show_window = SW_HIDE | | 1 | ||
| SYS | SLEEP | duration = 5000 milliseconds (5.000 seconds) | | 1 | ||
| For performance reasons, the remaining 148 entries are omitted. Click to download all 1148 entries as text file (0.95 MB). | ||||||
| Information | Value |
|---|---|
| ID / OS PID | #4 / 0x1170 |
| OS Parent PID | 0xcc8 (c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:01:02, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:33 |
| OS Thread IDs | #412 0x1174 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000d80000 | 0x00d80000 | 0x00d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d90000 | 0x00d90000 | 0x00d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000da0000 | 0x00da0000 | 0x00da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000db0000 | 0x00db0000 | 0x00db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dc0000 | 0x00dc0000 | 0x00dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dd0000 | 0x00dd0000 | 0x00dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000de0000 | 0x00de0000 | 0x00de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000df0000 | 0x00df0000 | 0x00df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e00000 | 0x00e00000 | 0x00e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e10000 | 0x00e10000 | 0x00e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e20000 | 0x00e20000 | 0x00e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e30000 | 0x00e30000 | 0x00e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e40000 | 0x00e40000 | 0x00e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e50000 | 0x00e50000 | 0x00e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e60000 | 0x00e60000 | 0x00e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e70000 | 0x00e70000 | 0x00e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e80000 | 0x00e80000 | 0x00e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e90000 | 0x00e90000 | 0x00e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ea0000 | 0x00ea0000 | 0x00ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000eb0000 | 0x00eb0000 | 0x00eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ec0000 | 0x00ec0000 | 0x00ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ed0000 | 0x00ed0000 | 0x00ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ee0000 | 0x00ee0000 | 0x00ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ef0000 | 0x00ef0000 | 0x00ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f00000 | 0x00f00000 | 0x00f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f10000 | 0x00f10000 | 0x00f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f20000 | 0x00f20000 | 0x00f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f30000 | 0x00f30000 | 0x00f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f40000 | 0x00f40000 | 0x00f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f50000 | 0x00f50000 | 0x00f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f60000 | 0x00f60000 | 0x00f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f70000 | 0x00f70000 | 0x00f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f80000 | 0x00f80000 | 0x00f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f90000 | 0x00f90000 | 0x00f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fa0000 | 0x00fa0000 | 0x00fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fb0000 | 0x00fb0000 | 0x00fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fc0000 | 0x00fc0000 | 0x00fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fd0000 | 0x00fd0000 | 0x00fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fe0000 | 0x00fe0000 | 0x00fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ff0000 | 0x00ff0000 | 0x00ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001000000 | 0x01000000 | 0x01000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001010000 | 0x01010000 | 0x01010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001020000 | 0x01020000 | 0x01020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001030000 | 0x01030000 | 0x01030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001040000 | 0x01040000 | 0x01040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001050000 | 0x01050000 | 0x01050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001060000 | 0x01060000 | 0x01060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001070000 | 0x01070000 | 0x01070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001080000 | 0x01080000 | 0x01080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001090000 | 0x01090000 | 0x01090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010a0000 | 0x010a0000 | 0x010a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010b0000 | 0x010b0000 | 0x010b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010c0000 | 0x010c0000 | 0x010c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010d0000 | 0x010d0000 | 0x010d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010e0000 | 0x010e0000 | 0x010e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010f0000 | 0x010f0000 | 0x010f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001100000 | 0x01100000 | 0x01100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001110000 | 0x01110000 | 0x01110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001120000 | 0x01120000 | 0x01120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001130000 | 0x01130000 | 0x01130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001140000 | 0x01140000 | 0x01140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001150000 | 0x01150000 | 0x01150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001160000 | 0x01160000 | 0x01160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001170000 | 0x01170000 | 0x01170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001180000 | 0x01180000 | 0x01180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001190000 | 0x01190000 | 0x01190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011a0000 | 0x011a0000 | 0x011a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011b0000 | 0x011b0000 | 0x011b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011c0000 | 0x011c0000 | 0x011c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011d0000 | 0x011d0000 | 0x011d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011e0000 | 0x011e0000 | 0x011e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011f0000 | 0x011f0000 | 0x011f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001200000 | 0x01200000 | 0x01200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001210000 | 0x01210000 | 0x01210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001220000 | 0x01220000 | 0x01220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001230000 | 0x01230000 | 0x01230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001240000 | 0x01240000 | 0x01240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001250000 | 0x01250000 | 0x01250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001260000 | 0x01260000 | 0x01260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001270000 | 0x01270000 | 0x01270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001280000 | 0x01280000 | 0x01280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001290000 | 0x01290000 | 0x01290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012a0000 | 0x012a0000 | 0x012a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012b0000 | 0x012b0000 | 0x012b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012c0000 | 0x012c0000 | 0x012c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012d0000 | 0x012d0000 | 0x012d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012e0000 | 0x012e0000 | 0x012e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012f0000 | 0x012f0000 | 0x012f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001300000 | 0x01300000 | 0x01300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001310000 | 0x01310000 | 0x01310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001320000 | 0x01320000 | 0x01320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001330000 | 0x01330000 | 0x01330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001340000 | 0x01340000 | 0x01340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001350000 | 0x01350000 | 0x01350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001360000 | 0x01360000 | 0x01360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001370000 | 0x01370000 | 0x01370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001380000 | 0x01380000 | 0x01380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001390000 | 0x01390000 | 0x01390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013a0000 | 0x013a0000 | 0x013a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013b0000 | 0x013b0000 | 0x013b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013c0000 | 0x013c0000 | 0x013c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013d0000 | 0x013d0000 | 0x013d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013e0000 | 0x013e0000 | 0x013e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013f0000 | 0x013f0000 | 0x013f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001400000 | 0x01400000 | 0x01400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001410000 | 0x01410000 | 0x01410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001420000 | 0x01420000 | 0x01420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001430000 | 0x01430000 | 0x01430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001440000 | 0x01440000 | 0x01440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001450000 | 0x01450000 | 0x01450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001460000 | 0x01460000 | 0x01460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001470000 | 0x01470000 | 0x01470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001480000 | 0x01480000 | 0x01480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001490000 | 0x01490000 | 0x01490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014a0000 | 0x014a0000 | 0x014a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014b0000 | 0x014b0000 | 0x014b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014c0000 | 0x014c0000 | 0x014c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014d0000 | 0x014d0000 | 0x014d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014e0000 | 0x014e0000 | 0x014e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014f0000 | 0x014f0000 | 0x014f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001500000 | 0x01500000 | 0x01500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001510000 | 0x01510000 | 0x01510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001520000 | 0x01520000 | 0x01520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001530000 | 0x01530000 | 0x01530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001540000 | 0x01540000 | 0x01540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001550000 | 0x01550000 | 0x01550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001560000 | 0x01560000 | 0x01560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001570000 | 0x01570000 | 0x01570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001580000 | 0x01580000 | 0x01580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001590000 | 0x01590000 | 0x01590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015a0000 | 0x015a0000 | 0x015a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015b0000 | 0x015b0000 | 0x015b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015c0000 | 0x015c0000 | 0x015c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015d0000 | 0x015d0000 | 0x015d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015e0000 | 0x015e0000 | 0x015e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015f0000 | 0x015f0000 | 0x015f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001600000 | 0x01600000 | 0x01600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001610000 | 0x01610000 | 0x01610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001620000 | 0x01620000 | 0x01620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001630000 | 0x01630000 | 0x01630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001640000 | 0x01640000 | 0x01640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001650000 | 0x01650000 | 0x01650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001660000 | 0x01660000 | 0x01660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001670000 | 0x01670000 | 0x01670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001680000 | 0x01680000 | 0x01680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001690000 | 0x01690000 | 0x01690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016a0000 | 0x016a0000 | 0x016a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016b0000 | 0x016b0000 | 0x016b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016c0000 | 0x016c0000 | 0x016c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016d0000 | 0x016d0000 | 0x016d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016e0000 | 0x016e0000 | 0x016e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016f0000 | 0x016f0000 | 0x016f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001700000 | 0x01700000 | 0x01700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001710000 | 0x01710000 | 0x01710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001720000 | 0x01720000 | 0x01720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001730000 | 0x01730000 | 0x01730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001740000 | 0x01740000 | 0x01740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001750000 | 0x01750000 | 0x01750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001760000 | 0x01760000 | 0x01760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001770000 | 0x01770000 | 0x01770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001780000 | 0x01780000 | 0x01780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001790000 | 0x01790000 | 0x01790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017a0000 | 0x017a0000 | 0x017a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017b0000 | 0x017b0000 | 0x017b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017c0000 | 0x017c0000 | 0x017c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017d0000 | 0x017d0000 | 0x017d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017e0000 | 0x017e0000 | 0x017e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017f0000 | 0x017f0000 | 0x017f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001800000 | 0x01800000 | 0x01800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001810000 | 0x01810000 | 0x01810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001820000 | 0x01820000 | 0x01820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001830000 | 0x01830000 | 0x01830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001840000 | 0x01840000 | 0x01840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001850000 | 0x01850000 | 0x01850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001860000 | 0x01860000 | 0x01860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001870000 | 0x01870000 | 0x01870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001880000 | 0x01880000 | 0x01880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001890000 | 0x01890000 | 0x01890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018a0000 | 0x018a0000 | 0x018a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018b0000 | 0x018b0000 | 0x018b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018c0000 | 0x018c0000 | 0x018c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018d0000 | 0x018d0000 | 0x018d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018e0000 | 0x018e0000 | 0x018e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018f0000 | 0x018f0000 | 0x018f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001900000 | 0x01900000 | 0x01900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001910000 | 0x01910000 | 0x01910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001920000 | 0x01920000 | 0x01920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001930000 | 0x01930000 | 0x01930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001940000 | 0x01940000 | 0x01940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001950000 | 0x01950000 | 0x01950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001960000 | 0x01960000 | 0x01960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001970000 | 0x01970000 | 0x01970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001980000 | 0x01980000 | 0x01980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001990000 | 0x01990000 | 0x01990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019a0000 | 0x019a0000 | 0x019a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019b0000 | 0x019b0000 | 0x019b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019c0000 | 0x019c0000 | 0x019c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019d0000 | 0x019d0000 | 0x019d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019e0000 | 0x019e0000 | 0x019e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019f0000 | 0x019f0000 | 0x019f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a00000 | 0x01a00000 | 0x01a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a10000 | 0x01a10000 | 0x01a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a20000 | 0x01a20000 | 0x01a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a30000 | 0x01a30000 | 0x01a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a40000 | 0x01a40000 | 0x01a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a50000 | 0x01a50000 | 0x01a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a60000 | 0x01a60000 | 0x01a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a70000 | 0x01a70000 | 0x01a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a80000 | 0x01a80000 | 0x01a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a90000 | 0x01a90000 | 0x01a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001aa0000 | 0x01aa0000 | 0x01aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ab0000 | 0x01ab0000 | 0x01ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ac0000 | 0x01ac0000 | 0x01ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ad0000 | 0x01ad0000 | 0x01ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ae0000 | 0x01ae0000 | 0x01ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001af0000 | 0x01af0000 | 0x01af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b00000 | 0x01b00000 | 0x01b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b10000 | 0x01b10000 | 0x01b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b20000 | 0x01b20000 | 0x01b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b30000 | 0x01b30000 | 0x01b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b40000 | 0x01b40000 | 0x01b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b50000 | 0x01b50000 | 0x01b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b60000 | 0x01b60000 | 0x01b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b70000 | 0x01b70000 | 0x01b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b80000 | 0x01b80000 | 0x01b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b90000 | 0x01b90000 | 0x01b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ba0000 | 0x01ba0000 | 0x01ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001bb0000 | 0x01bb0000 | 0x01bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001bc0000 | 0x01bc0000 | 0x01bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001bd0000 | 0x01bd0000 | 0x01bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001be0000 | 0x01be0000 | 0x01be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001bf0000 | 0x01bf0000 | 0x01bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c00000 | 0x01c00000 | 0x01c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c10000 | 0x01c10000 | 0x01c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c20000 | 0x01c20000 | 0x01c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c30000 | 0x01c30000 | 0x01c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c40000 | 0x01c40000 | 0x01c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c50000 | 0x01c50000 | 0x01c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c60000 | 0x01c60000 | 0x01c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c70000 | 0x01c70000 | 0x01c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c80000 | 0x01c80000 | 0x01c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c90000 | 0x01c90000 | 0x01c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ca0000 | 0x01ca0000 | 0x01ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001cb0000 | 0x01cb0000 | 0x01cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001cc0000 | 0x01cc0000 | 0x01cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001cd0000 | 0x01cd0000 | 0x01cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ce0000 | 0x01ce0000 | 0x01ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001cf0000 | 0x01cf0000 | 0x01cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d00000 | 0x01d00000 | 0x01d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d10000 | 0x01d10000 | 0x01d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d20000 | 0x01d20000 | 0x01d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d30000 | 0x01d30000 | 0x01d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d40000 | 0x01d40000 | 0x01d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d50000 | 0x01d50000 | 0x01d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d60000 | 0x01d60000 | 0x01d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d70000 | 0x01d70000 | 0x01d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d80000 | 0x01d80000 | 0x01d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d90000 | 0x01d90000 | 0x01d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001da0000 | 0x01da0000 | 0x01da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001db0000 | 0x01db0000 | 0x01db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001dc0000 | 0x01dc0000 | 0x01dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001dd0000 | 0x01dd0000 | 0x01dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001de0000 | 0x01de0000 | 0x01de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001df0000 | 0x01df0000 | 0x01df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e00000 | 0x01e00000 | 0x01e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e10000 | 0x01e10000 | 0x01e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e20000 | 0x01e20000 | 0x01e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e30000 | 0x01e30000 | 0x01e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e40000 | 0x01e40000 | 0x01e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e50000 | 0x01e50000 | 0x01e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e60000 | 0x01e60000 | 0x01e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e70000 | 0x01e70000 | 0x01e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e80000 | 0x01e80000 | 0x01e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e90000 | 0x01e90000 | 0x01e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ea0000 | 0x01ea0000 | 0x01ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001eb0000 | 0x01eb0000 | 0x01eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ec0000 | 0x01ec0000 | 0x01ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ed0000 | 0x01ed0000 | 0x01ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ee0000 | 0x01ee0000 | 0x01ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ef0000 | 0x01ef0000 | 0x01ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f00000 | 0x01f00000 | 0x01f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f10000 | 0x01f10000 | 0x01f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f20000 | 0x01f20000 | 0x01f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f30000 | 0x01f30000 | 0x01f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f40000 | 0x01f40000 | 0x01f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f50000 | 0x01f50000 | 0x01f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f60000 | 0x01f60000 | 0x01f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f70000 | 0x01f70000 | 0x01f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f80000 | 0x01f80000 | 0x01f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f90000 | 0x01f90000 | 0x01f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001fa0000 | 0x01fa0000 | 0x01fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001fb0000 | 0x01fb0000 | 0x01fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001fc0000 | 0x01fc0000 | 0x01fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001fd0000 | 0x01fd0000 | 0x01fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001fe0000 | 0x01fe0000 | 0x01fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ff0000 | 0x01ff0000 | 0x01ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002000000 | 0x02000000 | 0x02000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002010000 | 0x02010000 | 0x02010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002020000 | 0x02020000 | 0x02020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002030000 | 0x02030000 | 0x02030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002040000 | 0x02040000 | 0x02040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002050000 | 0x02050000 | 0x02050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002060000 | 0x02060000 | 0x02060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002070000 | 0x02070000 | 0x02070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002080000 | 0x02080000 | 0x02080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002090000 | 0x02090000 | 0x02090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000020a0000 | 0x020a0000 | 0x020a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000020b0000 | 0x020b0000 | 0x020b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000020c0000 | 0x020c0000 | 0x020c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000020d0000 | 0x020d0000 | 0x020d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000020e0000 | 0x020e0000 | 0x020e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000020f0000 | 0x020f0000 | 0x020f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002100000 | 0x02100000 | 0x02100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002110000 | 0x02110000 | 0x02110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002120000 | 0x02120000 | 0x02120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002130000 | 0x02130000 | 0x02130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002140000 | 0x02140000 | 0x02140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002150000 | 0x02150000 | 0x02150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002160000 | 0x02160000 | 0x02160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002170000 | 0x02170000 | 0x02170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002180000 | 0x02180000 | 0x02180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002190000 | 0x02190000 | 0x02190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000021a0000 | 0x021a0000 | 0x021a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000021b0000 | 0x021b0000 | 0x021b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000021c0000 | 0x021c0000 | 0x021c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000021d0000 | 0x021d0000 | 0x021d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000021e0000 | 0x021e0000 | 0x021e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000021f0000 | 0x021f0000 | 0x021f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002200000 | 0x02200000 | 0x02200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002210000 | 0x02210000 | 0x02210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002220000 | 0x02220000 | 0x02220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002230000 | 0x02230000 | 0x02230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002240000 | 0x02240000 | 0x02240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002250000 | 0x02250000 | 0x02250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002260000 | 0x02260000 | 0x02260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002270000 | 0x02270000 | 0x02270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002280000 | 0x02280000 | 0x02280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002290000 | 0x02290000 | 0x02290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000022a0000 | 0x022a0000 | 0x022a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000022b0000 | 0x022b0000 | 0x022b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000022c0000 | 0x022c0000 | 0x022c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000022d0000 | 0x022d0000 | 0x022d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000022e0000 | 0x022e0000 | 0x022e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000022f0000 | 0x022f0000 | 0x022f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002300000 | 0x02300000 | 0x02300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002310000 | 0x02310000 | 0x02310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002320000 | 0x02320000 | 0x02320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002330000 | 0x02330000 | 0x02330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002340000 | 0x02340000 | 0x02340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002350000 | 0x02350000 | 0x02350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002360000 | 0x02360000 | 0x02360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002370000 | 0x02370000 | 0x02370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002380000 | 0x02380000 | 0x02380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002390000 | 0x02390000 | 0x02390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000023a0000 | 0x023a0000 | 0x023a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000023b0000 | 0x023b0000 | 0x023b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000023c0000 | 0x023c0000 | 0x023c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000023d0000 | 0x023d0000 | 0x023d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000023e0000 | 0x023e0000 | 0x023e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000023f0000 | 0x023f0000 | 0x023f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002400000 | 0x02400000 | 0x02400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002410000 | 0x02410000 | 0x02410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002420000 | 0x02420000 | 0x02420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002430000 | 0x02430000 | 0x02430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002440000 | 0x02440000 | 0x02440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002450000 | 0x02450000 | 0x02450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002460000 | 0x02460000 | 0x02460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002470000 | 0x02470000 | 0x02470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002480000 | 0x02480000 | 0x02480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002490000 | 0x02490000 | 0x02490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000024a0000 | 0x024a0000 | 0x024a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000024b0000 | 0x024b0000 | 0x024b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000024c0000 | 0x024c0000 | 0x024c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000024d0000 | 0x024d0000 | 0x024d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000024e0000 | 0x024e0000 | 0x024e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000024f0000 | 0x024f0000 | 0x024f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002500000 | 0x02500000 | 0x02500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002510000 | 0x02510000 | 0x02510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002520000 | 0x02520000 | 0x02520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002530000 | 0x02530000 | 0x02530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002540000 | 0x02540000 | 0x02540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002550000 | 0x02550000 | 0x02550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002560000 | 0x02560000 | 0x02560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002570000 | 0x02570000 | 0x02570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002580000 | 0x02580000 | 0x02580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002590000 | 0x02590000 | 0x02590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000025a0000 | 0x025a0000 | 0x025a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000025b0000 | 0x025b0000 | 0x025b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000025c0000 | 0x025c0000 | 0x025c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000025d0000 | 0x025d0000 | 0x025d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000025e0000 | 0x025e0000 | 0x025e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000025f0000 | 0x025f0000 | 0x025f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002600000 | 0x02600000 | 0x02600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002610000 | 0x02610000 | 0x02610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002620000 | 0x02620000 | 0x02620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002630000 | 0x02630000 | 0x02630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002640000 | 0x02640000 | 0x02640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002650000 | 0x02650000 | 0x02650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002660000 | 0x02660000 | 0x02660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002670000 | 0x02670000 | 0x02670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002680000 | 0x02680000 | 0x02680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002690000 | 0x02690000 | 0x02690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000026a0000 | 0x026a0000 | 0x026a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000026b0000 | 0x026b0000 | 0x026b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000026c0000 | 0x026c0000 | 0x026c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000026d0000 | 0x026d0000 | 0x026d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000026e0000 | 0x026e0000 | 0x026e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000026f0000 | 0x026f0000 | 0x026f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002700000 | 0x02700000 | 0x02700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002710000 | 0x02710000 | 0x02710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002720000 | 0x02720000 | 0x02720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002730000 | 0x02730000 | 0x02730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002740000 | 0x02740000 | 0x02740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002750000 | 0x02750000 | 0x02750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002760000 | 0x02760000 | 0x02760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002770000 | 0x02770000 | 0x02770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002780000 | 0x02780000 | 0x02780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002790000 | 0x02790000 | 0x02790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000027a0000 | 0x027a0000 | 0x027a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000027b0000 | 0x027b0000 | 0x027b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000027c0000 | 0x027c0000 | 0x027c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000027d0000 | 0x027d0000 | 0x027d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000027e0000 | 0x027e0000 | 0x027e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000027f0000 | 0x027f0000 | 0x027f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002800000 | 0x02800000 | 0x02800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002810000 | 0x02810000 | 0x02810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002820000 | 0x02820000 | 0x02820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002830000 | 0x02830000 | 0x02830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002840000 | 0x02840000 | 0x02840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002850000 | 0x02850000 | 0x02850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002860000 | 0x02860000 | 0x02860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002870000 | 0x02870000 | 0x02870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002880000 | 0x02880000 | 0x02880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002890000 | 0x02890000 | 0x02890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000028a0000 | 0x028a0000 | 0x028a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000028b0000 | 0x028b0000 | 0x028b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000028c0000 | 0x028c0000 | 0x028c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000028d0000 | 0x028d0000 | 0x028d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000028e0000 | 0x028e0000 | 0x028e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000028f0000 | 0x028f0000 | 0x028f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002900000 | 0x02900000 | 0x02900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002910000 | 0x02910000 | 0x02910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002920000 | 0x02920000 | 0x02920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002930000 | 0x02930000 | 0x02930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002940000 | 0x02940000 | 0x02940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002950000 | 0x02950000 | 0x02950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002960000 | 0x02960000 | 0x02960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002970000 | 0x02970000 | 0x02970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002980000 | 0x02980000 | 0x02980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002990000 | 0x02990000 | 0x02990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000029a0000 | 0x029a0000 | 0x029a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000029b0000 | 0x029b0000 | 0x029b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000029c0000 | 0x029c0000 | 0x029c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000029d0000 | 0x029d0000 | 0x029d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000029e0000 | 0x029e0000 | 0x029e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000029f0000 | 0x029f0000 | 0x029f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a00000 | 0x02a00000 | 0x02a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a10000 | 0x02a10000 | 0x02a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a20000 | 0x02a20000 | 0x02a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a30000 | 0x02a30000 | 0x02a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a40000 | 0x02a40000 | 0x02a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a50000 | 0x02a50000 | 0x02a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a60000 | 0x02a60000 | 0x02a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a70000 | 0x02a70000 | 0x02a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a80000 | 0x02a80000 | 0x02a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a90000 | 0x02a90000 | 0x02a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002aa0000 | 0x02aa0000 | 0x02aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ab0000 | 0x02ab0000 | 0x02ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ac0000 | 0x02ac0000 | 0x02ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ad0000 | 0x02ad0000 | 0x02ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ae0000 | 0x02ae0000 | 0x02ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002af0000 | 0x02af0000 | 0x02af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b00000 | 0x02b00000 | 0x02b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b10000 | 0x02b10000 | 0x02b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b20000 | 0x02b20000 | 0x02b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b30000 | 0x02b30000 | 0x02b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b40000 | 0x02b40000 | 0x02b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b50000 | 0x02b50000 | 0x02b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b60000 | 0x02b60000 | 0x02b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b70000 | 0x02b70000 | 0x02b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b80000 | 0x02b80000 | 0x02b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b90000 | 0x02b90000 | 0x02b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ba0000 | 0x02ba0000 | 0x02ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002bb0000 | 0x02bb0000 | 0x02bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002bc0000 | 0x02bc0000 | 0x02bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002bd0000 | 0x02bd0000 | 0x02bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002be0000 | 0x02be0000 | 0x02be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002bf0000 | 0x02bf0000 | 0x02bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c00000 | 0x02c00000 | 0x02c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c10000 | 0x02c10000 | 0x02c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c20000 | 0x02c20000 | 0x02c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c30000 | 0x02c30000 | 0x02c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c40000 | 0x02c40000 | 0x02c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c50000 | 0x02c50000 | 0x02c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c60000 | 0x02c60000 | 0x02c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c70000 | 0x02c70000 | 0x02c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c80000 | 0x02c80000 | 0x02c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c90000 | 0x02c90000 | 0x02c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ca0000 | 0x02ca0000 | 0x02ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002cb0000 | 0x02cb0000 | 0x02cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002cc0000 | 0x02cc0000 | 0x02cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002cd0000 | 0x02cd0000 | 0x02cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ce0000 | 0x02ce0000 | 0x02ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002cf0000 | 0x02cf0000 | 0x02cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d00000 | 0x02d00000 | 0x02d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d10000 | 0x02d10000 | 0x02d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d20000 | 0x02d20000 | 0x02d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d30000 | 0x02d30000 | 0x02d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d40000 | 0x02d40000 | 0x02d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d50000 | 0x02d50000 | 0x02d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d60000 | 0x02d60000 | 0x02d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d70000 | 0x02d70000 | 0x02d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d80000 | 0x02d80000 | 0x02d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d90000 | 0x02d90000 | 0x02d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002da0000 | 0x02da0000 | 0x02da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002db0000 | 0x02db0000 | 0x02db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002dc0000 | 0x02dc0000 | 0x02dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002dd0000 | 0x02dd0000 | 0x02dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002de0000 | 0x02de0000 | 0x02de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002df0000 | 0x02df0000 | 0x02df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002e00000 | 0x02e00000 | 0x02e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002e10000 | 0x02e10000 | 0x02e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002e20000 | 0x02e20000 | 0x02e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002e30000 | 0x02e30000 | 0x02e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002e40000 | 0x02e40000 | 0x02e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002e50000 | 0x02e50000 | 0x02e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002e60000 | 0x02e60000 | 0x02e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002e70000 | 0x02e70000 | 0x02e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002e80000 | 0x02e80000 | 0x02e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002e90000 | 0x02e90000 | 0x02e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ea0000 | 0x02ea0000 | 0x02ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002eb0000 | 0x02eb0000 | 0x02eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ec0000 | 0x02ec0000 | 0x02ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ed0000 | 0x02ed0000 | 0x02ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ee0000 | 0x02ee0000 | 0x02ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ef0000 | 0x02ef0000 | 0x02ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002f00000 | 0x02f00000 | 0x02f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002f10000 | 0x02f10000 | 0x02f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002f20000 | 0x02f20000 | 0x02f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002f30000 | 0x02f30000 | 0x02f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002f40000 | 0x02f40000 | 0x02f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002f50000 | 0x02f50000 | 0x02f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002f60000 | 0x02f60000 | 0x02f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002f70000 | 0x02f70000 | 0x02f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002f80000 | 0x02f80000 | 0x02f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002f90000 | 0x02f90000 | 0x02f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002fa0000 | 0x02fa0000 | 0x02fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002fb0000 | 0x02fb0000 | 0x02fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002fc0000 | 0x02fc0000 | 0x02fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002fd0000 | 0x02fd0000 | 0x02fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002fe0000 | 0x02fe0000 | 0x02fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ff0000 | 0x02ff0000 | 0x02ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003000000 | 0x03000000 | 0x03000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003010000 | 0x03010000 | 0x03010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003020000 | 0x03020000 | 0x03020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003030000 | 0x03030000 | 0x03030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003040000 | 0x03040000 | 0x03040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003050000 | 0x03050000 | 0x03050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003060000 | 0x03060000 | 0x03060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003070000 | 0x03070000 | 0x03070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003080000 | 0x03080000 | 0x03080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003090000 | 0x03090000 | 0x03090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000030a0000 | 0x030a0000 | 0x030a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000030b0000 | 0x030b0000 | 0x030b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000030c0000 | 0x030c0000 | 0x030c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000030d0000 | 0x030d0000 | 0x030d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000030e0000 | 0x030e0000 | 0x030e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000030f0000 | 0x030f0000 | 0x030f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003100000 | 0x03100000 | 0x03100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003110000 | 0x03110000 | 0x03110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003120000 | 0x03120000 | 0x03120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003130000 | 0x03130000 | 0x03130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003140000 | 0x03140000 | 0x03140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003150000 | 0x03150000 | 0x03150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003160000 | 0x03160000 | 0x03160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003170000 | 0x03170000 | 0x03170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003180000 | 0x03180000 | 0x03180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003190000 | 0x03190000 | 0x03190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000031a0000 | 0x031a0000 | 0x031a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000031b0000 | 0x031b0000 | 0x031b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000031c0000 | 0x031c0000 | 0x031c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000031d0000 | 0x031d0000 | 0x031d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000031e0000 | 0x031e0000 | 0x031e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000031f0000 | 0x031f0000 | 0x031f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003200000 | 0x03200000 | 0x03200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003210000 | 0x03210000 | 0x03210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003220000 | 0x03220000 | 0x03220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003230000 | 0x03230000 | 0x03230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003240000 | 0x03240000 | 0x03240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003250000 | 0x03250000 | 0x03250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003260000 | 0x03260000 | 0x03260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003270000 | 0x03270000 | 0x03270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003280000 | 0x03280000 | 0x03280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003290000 | 0x03290000 | 0x03290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000032a0000 | 0x032a0000 | 0x032a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000032b0000 | 0x032b0000 | 0x032b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000032c0000 | 0x032c0000 | 0x032c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000032d0000 | 0x032d0000 | 0x032d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000032e0000 | 0x032e0000 | 0x032e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000032f0000 | 0x032f0000 | 0x032f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003300000 | 0x03300000 | 0x03300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003310000 | 0x03310000 | 0x03310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003320000 | 0x03320000 | 0x03320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003330000 | 0x03330000 | 0x03330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003340000 | 0x03340000 | 0x03340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003350000 | 0x03350000 | 0x03350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003360000 | 0x03360000 | 0x03360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003370000 | 0x03370000 | 0x03370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003380000 | 0x03380000 | 0x03380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003390000 | 0x03390000 | 0x03390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000033a0000 | 0x033a0000 | 0x033a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000033b0000 | 0x033b0000 | 0x033b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000033c0000 | 0x033c0000 | 0x033c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000033d0000 | 0x033d0000 | 0x033d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000033e0000 | 0x033e0000 | 0x033e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000033f0000 | 0x033f0000 | 0x033f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003400000 | 0x03400000 | 0x03400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003410000 | 0x03410000 | 0x03410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003420000 | 0x03420000 | 0x03420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003430000 | 0x03430000 | 0x03430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003440000 | 0x03440000 | 0x03440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003450000 | 0x03450000 | 0x03450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003460000 | 0x03460000 | 0x03460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003470000 | 0x03470000 | 0x03470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003480000 | 0x03480000 | 0x03480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003490000 | 0x03490000 | 0x03490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000034a0000 | 0x034a0000 | 0x034a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000034b0000 | 0x034b0000 | 0x034b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000034c0000 | 0x034c0000 | 0x034c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000034d0000 | 0x034d0000 | 0x034d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000034e0000 | 0x034e0000 | 0x034e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000034f0000 | 0x034f0000 | 0x034f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003500000 | 0x03500000 | 0x03500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003510000 | 0x03510000 | 0x03510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003520000 | 0x03520000 | 0x03520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003530000 | 0x03530000 | 0x03530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003540000 | 0x03540000 | 0x03540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003550000 | 0x03550000 | 0x03550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003560000 | 0x03560000 | 0x03560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003570000 | 0x03570000 | 0x03570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003580000 | 0x03580000 | 0x03580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003590000 | 0x03590000 | 0x03590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000035a0000 | 0x035a0000 | 0x035a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000035b0000 | 0x035b0000 | 0x035b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000035c0000 | 0x035c0000 | 0x035c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000035d0000 | 0x035d0000 | 0x035d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000035e0000 | 0x035e0000 | 0x035e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000035f0000 | 0x035f0000 | 0x035f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003600000 | 0x03600000 | 0x03600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003610000 | 0x03610000 | 0x03610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003620000 | 0x03620000 | 0x03620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003630000 | 0x03630000 | 0x03630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003640000 | 0x03640000 | 0x03640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003650000 | 0x03650000 | 0x03650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003660000 | 0x03660000 | 0x03660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003670000 | 0x03670000 | 0x03670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003680000 | 0x03680000 | 0x03680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003690000 | 0x03690000 | 0x03690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000036a0000 | 0x036a0000 | 0x036a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000036b0000 | 0x036b0000 | 0x036b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000036c0000 | 0x036c0000 | 0x036c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000036d0000 | 0x036d0000 | 0x036d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000036e0000 | 0x036e0000 | 0x036e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000036f0000 | 0x036f0000 | 0x036f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003700000 | 0x03700000 | 0x03700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003710000 | 0x03710000 | 0x03710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003720000 | 0x03720000 | 0x03720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003730000 | 0x03730000 | 0x03730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003740000 | 0x03740000 | 0x03740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003750000 | 0x03750000 | 0x03750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003760000 | 0x03760000 | 0x03760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003770000 | 0x03770000 | 0x03770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003780000 | 0x03780000 | 0x03780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003790000 | 0x03790000 | 0x03790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000037a0000 | 0x037a0000 | 0x037a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000037b0000 | 0x037b0000 | 0x037b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000037c0000 | 0x037c0000 | 0x037c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000037d0000 | 0x037d0000 | 0x037d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000037e0000 | 0x037e0000 | 0x037e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000037f0000 | 0x037f0000 | 0x037f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003800000 | 0x03800000 | 0x03800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003810000 | 0x03810000 | 0x03810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003820000 | 0x03820000 | 0x03820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003830000 | 0x03830000 | 0x03830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003840000 | 0x03840000 | 0x03840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003850000 | 0x03850000 | 0x03850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003860000 | 0x03860000 | 0x03860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003870000 | 0x03870000 | 0x03870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003880000 | 0x03880000 | 0x03880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003890000 | 0x03890000 | 0x03890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000038a0000 | 0x038a0000 | 0x038a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000038b0000 | 0x038b0000 | 0x038b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000038c0000 | 0x038c0000 | 0x038c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000038d0000 | 0x038d0000 | 0x038d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000038e0000 | 0x038e0000 | 0x038e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000038f0000 | 0x038f0000 | 0x038f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003900000 | 0x03900000 | 0x03900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003910000 | 0x03910000 | 0x03910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003920000 | 0x03920000 | 0x03920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003930000 | 0x03930000 | 0x03930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003940000 | 0x03940000 | 0x03940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003950000 | 0x03950000 | 0x03950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003960000 | 0x03960000 | 0x03960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003970000 | 0x03970000 | 0x03970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003980000 | 0x03980000 | 0x03980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003990000 | 0x03990000 | 0x03990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000039a0000 | 0x039a0000 | 0x039a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000039b0000 | 0x039b0000 | 0x039b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000039c0000 | 0x039c0000 | 0x039c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000039d0000 | 0x039d0000 | 0x039d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000039e0000 | 0x039e0000 | 0x039e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000039f0000 | 0x039f0000 | 0x039f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003a00000 | 0x03a00000 | 0x03a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003a10000 | 0x03a10000 | 0x03a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003a20000 | 0x03a20000 | 0x03a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003a30000 | 0x03a30000 | 0x03a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003a40000 | 0x03a40000 | 0x03a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003a50000 | 0x03a50000 | 0x03a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003a60000 | 0x03a60000 | 0x03a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003a70000 | 0x03a70000 | 0x03a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003a80000 | 0x03a80000 | 0x03a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003a90000 | 0x03a90000 | 0x03a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003aa0000 | 0x03aa0000 | 0x03aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003ab0000 | 0x03ab0000 | 0x03ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003ac0000 | 0x03ac0000 | 0x03ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003ad0000 | 0x03ad0000 | 0x03ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003ae0000 | 0x03ae0000 | 0x03ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003af0000 | 0x03af0000 | 0x03af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003b00000 | 0x03b00000 | 0x03b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003b10000 | 0x03b10000 | 0x03b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003b20000 | 0x03b20000 | 0x03b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003b30000 | 0x03b30000 | 0x03b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003b40000 | 0x03b40000 | 0x03b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003b50000 | 0x03b50000 | 0x03b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003b60000 | 0x03b60000 | 0x03b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003b70000 | 0x03b70000 | 0x03b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003b80000 | 0x03b80000 | 0x03b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003b90000 | 0x03b90000 | 0x03b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003ba0000 | 0x03ba0000 | 0x03ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003bb0000 | 0x03bb0000 | 0x03bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003bc0000 | 0x03bc0000 | 0x03bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003bd0000 | 0x03bd0000 | 0x03bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003be0000 | 0x03be0000 | 0x03be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003bf0000 | 0x03bf0000 | 0x03bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003c00000 | 0x03c00000 | 0x03c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003c10000 | 0x03c10000 | 0x03c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003c20000 | 0x03c20000 | 0x03c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003c30000 | 0x03c30000 | 0x03c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003c40000 | 0x03c40000 | 0x03c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003c50000 | 0x03c50000 | 0x03c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003c60000 | 0x03c60000 | 0x03c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003c70000 | 0x03c70000 | 0x03c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003c80000 | 0x03c80000 | 0x03c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003c90000 | 0x03c90000 | 0x03c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003ca0000 | 0x03ca0000 | 0x03ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003cb0000 | 0x03cb0000 | 0x03cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003cc0000 | 0x03cc0000 | 0x03cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003cd0000 | 0x03cd0000 | 0x03cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003ce0000 | 0x03ce0000 | 0x03ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003cf0000 | 0x03cf0000 | 0x03cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003d00000 | 0x03d00000 | 0x03d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003d10000 | 0x03d10000 | 0x03d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003d20000 | 0x03d20000 | 0x03d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003d30000 | 0x03d30000 | 0x03d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003d40000 | 0x03d40000 | 0x03d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003d50000 | 0x03d50000 | 0x03d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003d60000 | 0x03d60000 | 0x03d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003d70000 | 0x03d70000 | 0x03d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003d80000 | 0x03d80000 | 0x03d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003d90000 | 0x03d90000 | 0x03d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003da0000 | 0x03da0000 | 0x03da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003db0000 | 0x03db0000 | 0x03db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003dc0000 | 0x03dc0000 | 0x03dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003dd0000 | 0x03dd0000 | 0x03dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003de0000 | 0x03de0000 | 0x03de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003df0000 | 0x03df0000 | 0x03df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003e00000 | 0x03e00000 | 0x03e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003e10000 | 0x03e10000 | 0x03e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003e20000 | 0x03e20000 | 0x03e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003e30000 | 0x03e30000 | 0x03e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003e40000 | 0x03e40000 | 0x03e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003e50000 | 0x03e50000 | 0x03e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003e60000 | 0x03e60000 | 0x03e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003e70000 | 0x03e70000 | 0x03e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003e80000 | 0x03e80000 | 0x03e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003e90000 | 0x03e90000 | 0x03e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003ea0000 | 0x03ea0000 | 0x03ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003eb0000 | 0x03eb0000 | 0x03eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003ec0000 | 0x03ec0000 | 0x03ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003ed0000 | 0x03ed0000 | 0x03ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003ee0000 | 0x03ee0000 | 0x03ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003ef0000 | 0x03ef0000 | 0x03ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003f00000 | 0x03f00000 | 0x03f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003f10000 | 0x03f10000 | 0x03f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003f20000 | 0x03f20000 | 0x03f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003f30000 | 0x03f30000 | 0x03f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003f40000 | 0x03f40000 | 0x03f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003f50000 | 0x03f50000 | 0x03f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003f60000 | 0x03f60000 | 0x03f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003f70000 | 0x03f70000 | 0x03f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003f80000 | 0x03f80000 | 0x03f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003f90000 | 0x03f90000 | 0x03f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003fa0000 | 0x03fa0000 | 0x03fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003fb0000 | 0x03fb0000 | 0x03fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003fc0000 | 0x03fc0000 | 0x03fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003fd0000 | 0x03fd0000 | 0x03fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003fe0000 | 0x03fe0000 | 0x03fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003ff0000 | 0x03ff0000 | 0x03ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004000000 | 0x04000000 | 0x04000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004010000 | 0x04010000 | 0x04010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004020000 | 0x04020000 | 0x04020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004030000 | 0x04030000 | 0x04030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004040000 | 0x04040000 | 0x04040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004050000 | 0x04050000 | 0x04050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004060000 | 0x04060000 | 0x04060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004070000 | 0x04070000 | 0x04070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004080000 | 0x04080000 | 0x04080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004090000 | 0x04090000 | 0x04090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000040a0000 | 0x040a0000 | 0x040a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000040b0000 | 0x040b0000 | 0x040b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000040c0000 | 0x040c0000 | 0x040c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000040d0000 | 0x040d0000 | 0x040d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000040e0000 | 0x040e0000 | 0x040e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000040f0000 | 0x040f0000 | 0x040f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004100000 | 0x04100000 | 0x04100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004110000 | 0x04110000 | 0x04110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004120000 | 0x04120000 | 0x04120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004130000 | 0x04130000 | 0x04130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004140000 | 0x04140000 | 0x04140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004150000 | 0x04150000 | 0x04150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004160000 | 0x04160000 | 0x04160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004170000 | 0x04170000 | 0x04170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004180000 | 0x04180000 | 0x04180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004190000 | 0x04190000 | 0x04190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000041a0000 | 0x041a0000 | 0x041a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000041b0000 | 0x041b0000 | 0x041b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000041c0000 | 0x041c0000 | 0x041c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000041d0000 | 0x041d0000 | 0x041d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000041e0000 | 0x041e0000 | 0x041e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000041f0000 | 0x041f0000 | 0x041f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004200000 | 0x04200000 | 0x04200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004210000 | 0x04210000 | 0x04210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004220000 | 0x04220000 | 0x04220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004230000 | 0x04230000 | 0x04230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004240000 | 0x04240000 | 0x04240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004250000 | 0x04250000 | 0x04250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004260000 | 0x04260000 | 0x04260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004270000 | 0x04270000 | 0x04270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004280000 | 0x04280000 | 0x04280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004290000 | 0x04290000 | 0x04290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000042a0000 | 0x042a0000 | 0x042a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000042b0000 | 0x042b0000 | 0x042b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000042c0000 | 0x042c0000 | 0x042c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000042d0000 | 0x042d0000 | 0x042d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000042e0000 | 0x042e0000 | 0x042e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000042f0000 | 0x042f0000 | 0x042f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004300000 | 0x04300000 | 0x04300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004310000 | 0x04310000 | 0x04310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004320000 | 0x04320000 | 0x04320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004330000 | 0x04330000 | 0x04330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004340000 | 0x04340000 | 0x04340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004350000 | 0x04350000 | 0x04350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004360000 | 0x04360000 | 0x04360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004370000 | 0x04370000 | 0x04370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004380000 | 0x04380000 | 0x04380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004390000 | 0x04390000 | 0x04390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000043a0000 | 0x043a0000 | 0x043a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000043b0000 | 0x043b0000 | 0x043b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000043c0000 | 0x043c0000 | 0x043c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000043d0000 | 0x043d0000 | 0x043d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000043e0000 | 0x043e0000 | 0x043e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000043f0000 | 0x043f0000 | 0x043f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004400000 | 0x04400000 | 0x04400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004410000 | 0x04410000 | 0x04410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004420000 | 0x04420000 | 0x04420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004430000 | 0x04430000 | 0x04430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004440000 | 0x04440000 | 0x04440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004450000 | 0x04450000 | 0x04450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004460000 | 0x04460000 | 0x04460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004470000 | 0x04470000 | 0x04470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004480000 | 0x04480000 | 0x04480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004490000 | 0x04490000 | 0x04490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000044a0000 | 0x044a0000 | 0x044a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000044b0000 | 0x044b0000 | 0x044b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000044c0000 | 0x044c0000 | 0x044c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000044d0000 | 0x044d0000 | 0x044d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000044e0000 | 0x044e0000 | 0x044e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000044f0000 | 0x044f0000 | 0x044f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004500000 | 0x04500000 | 0x04500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004510000 | 0x04510000 | 0x04510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004520000 | 0x04520000 | 0x04520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004530000 | 0x04530000 | 0x04530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004540000 | 0x04540000 | 0x04540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004550000 | 0x04550000 | 0x04550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004560000 | 0x04560000 | 0x04560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004570000 | 0x04570000 | 0x04570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004580000 | 0x04580000 | 0x04580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004590000 | 0x04590000 | 0x04590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000045a0000 | 0x045a0000 | 0x045a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000045b0000 | 0x045b0000 | 0x045b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000045c0000 | 0x045c0000 | 0x045c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000045d0000 | 0x045d0000 | 0x045d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000045e0000 | 0x045e0000 | 0x045e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000045f0000 | 0x045f0000 | 0x045f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004600000 | 0x04600000 | 0x04600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004610000 | 0x04610000 | 0x04610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004620000 | 0x04620000 | 0x04620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004630000 | 0x04630000 | 0x04630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004640000 | 0x04640000 | 0x04640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004650000 | 0x04650000 | 0x04650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004660000 | 0x04660000 | 0x04660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004670000 | 0x04670000 | 0x04670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004680000 | 0x04680000 | 0x04680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004690000 | 0x04690000 | 0x04690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000046a0000 | 0x046a0000 | 0x046a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000046b0000 | 0x046b0000 | 0x046b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000046c0000 | 0x046c0000 | 0x046c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000046d0000 | 0x046d0000 | 0x046d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000046e0000 | 0x046e0000 | 0x046e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000046f0000 | 0x046f0000 | 0x046f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004700000 | 0x04700000 | 0x04700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004710000 | 0x04710000 | 0x04710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004720000 | 0x04720000 | 0x04720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004730000 | 0x04730000 | 0x04730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004740000 | 0x04740000 | 0x04740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004750000 | 0x04750000 | 0x04750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004760000 | 0x04760000 | 0x04760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004770000 | 0x04770000 | 0x04770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004780000 | 0x04780000 | 0x04780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004790000 | 0x04790000 | 0x04790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000047a0000 | 0x047a0000 | 0x047a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000047b0000 | 0x047b0000 | 0x047b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000047c0000 | 0x047c0000 | 0x047c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000047d0000 | 0x047d0000 | 0x047d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000047e0000 | 0x047e0000 | 0x047e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000047f0000 | 0x047f0000 | 0x047f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004800000 | 0x04800000 | 0x04800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004810000 | 0x04810000 | 0x04810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004820000 | 0x04820000 | 0x04820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004830000 | 0x04830000 | 0x04830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004840000 | 0x04840000 | 0x04840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004850000 | 0x04850000 | 0x04850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004860000 | 0x04860000 | 0x04860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004870000 | 0x04870000 | 0x04870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004880000 | 0x04880000 | 0x04880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004890000 | 0x04890000 | 0x04890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000048a0000 | 0x048a0000 | 0x048a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000048b0000 | 0x048b0000 | 0x048b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000048c0000 | 0x048c0000 | 0x048c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000048d0000 | 0x048d0000 | 0x048d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000048e0000 | 0x048e0000 | 0x048e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000048f0000 | 0x048f0000 | 0x048f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004900000 | 0x04900000 | 0x04900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004910000 | 0x04910000 | 0x04910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004920000 | 0x04920000 | 0x04920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004930000 | 0x04930000 | 0x04930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004940000 | 0x04940000 | 0x04940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004950000 | 0x04950000 | 0x04950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004960000 | 0x04960000 | 0x04960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004970000 | 0x04970000 | 0x04970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004980000 | 0x04980000 | 0x04980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004990000 | 0x04990000 | 0x04990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000049a0000 | 0x049a0000 | 0x049a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000049b0000 | 0x049b0000 | 0x049b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000049c0000 | 0x049c0000 | 0x049c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000049d0000 | 0x049d0000 | 0x049d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000049e0000 | 0x049e0000 | 0x049e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000049f0000 | 0x049f0000 | 0x049f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004a00000 | 0x04a00000 | 0x04a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004a10000 | 0x04a10000 | 0x04a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004a20000 | 0x04a20000 | 0x04a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004a30000 | 0x04a30000 | 0x04a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004a40000 | 0x04a40000 | 0x04a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004a50000 | 0x04a50000 | 0x04a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004a60000 | 0x04a60000 | 0x04a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004a70000 | 0x04a70000 | 0x04a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004a80000 | 0x04a80000 | 0x04a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004a90000 | 0x04a90000 | 0x04a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004aa0000 | 0x04aa0000 | 0x04aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004ab0000 | 0x04ab0000 | 0x04ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004ac0000 | 0x04ac0000 | 0x04ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004ad0000 | 0x04ad0000 | 0x04ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004ae0000 | 0x04ae0000 | 0x04ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004af0000 | 0x04af0000 | 0x04af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004b00000 | 0x04b00000 | 0x04b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004b10000 | 0x04b10000 | 0x04b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004b20000 | 0x04b20000 | 0x04b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004b30000 | 0x04b30000 | 0x04b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004b40000 | 0x04b40000 | 0x04b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004b50000 | 0x04b50000 | 0x04b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004b60000 | 0x04b60000 | 0x04b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004b70000 | 0x04b70000 | 0x04b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004b80000 | 0x04b80000 | 0x04b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004b90000 | 0x04b90000 | 0x04b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004ba0000 | 0x04ba0000 | 0x04ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004bb0000 | 0x04bb0000 | 0x04bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004bc0000 | 0x04bc0000 | 0x04bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004bd0000 | 0x04bd0000 | 0x04bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004be0000 | 0x04be0000 | 0x04be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004bf0000 | 0x04bf0000 | 0x04bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004c00000 | 0x04c00000 | 0x04c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004c10000 | 0x04c10000 | 0x04c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004c20000 | 0x04c20000 | 0x04c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004c30000 | 0x04c30000 | 0x04c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004c40000 | 0x04c40000 | 0x04c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004c50000 | 0x04c50000 | 0x04c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004c60000 | 0x04c60000 | 0x04c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004c70000 | 0x04c70000 | 0x04c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004c80000 | 0x04c80000 | 0x04c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004c90000 | 0x04c90000 | 0x04c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004ca0000 | 0x04ca0000 | 0x04ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004cb0000 | 0x04cb0000 | 0x04cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004cc0000 | 0x04cc0000 | 0x04cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004cd0000 | 0x04cd0000 | 0x04cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004ce0000 | 0x04ce0000 | 0x04ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004cf0000 | 0x04cf0000 | 0x04cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004d00000 | 0x04d00000 | 0x04d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004d10000 | 0x04d10000 | 0x04d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004d20000 | 0x04d20000 | 0x04d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004d30000 | 0x04d30000 | 0x04d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004d40000 | 0x04d40000 | 0x04d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004d50000 | 0x04d50000 | 0x04d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004d60000 | 0x04d60000 | 0x04d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004d70000 | 0x04d70000 | 0x04d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004d80000 | 0x04d80000 | 0x04d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004d90000 | 0x04d90000 | 0x04d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004da0000 | 0x04da0000 | 0x04da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004db0000 | 0x04db0000 | 0x04db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004dc0000 | 0x04dc0000 | 0x04dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004dd0000 | 0x04dd0000 | 0x04dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004de0000 | 0x04de0000 | 0x04de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004df0000 | 0x04df0000 | 0x04df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004e00000 | 0x04e00000 | 0x04e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004e10000 | 0x04e10000 | 0x04e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004e20000 | 0x04e20000 | 0x04e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004e30000 | 0x04e30000 | 0x04e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004e40000 | 0x04e40000 | 0x04e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004e50000 | 0x04e50000 | 0x04e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004e60000 | 0x04e60000 | 0x04e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004e70000 | 0x04e70000 | 0x04e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004e80000 | 0x04e80000 | 0x04e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004e90000 | 0x04e90000 | 0x04e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004ea0000 | 0x04ea0000 | 0x04ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004eb0000 | 0x04eb0000 | 0x04eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004ec0000 | 0x04ec0000 | 0x04ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004ed0000 | 0x04ed0000 | 0x04ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004ee0000 | 0x04ee0000 | 0x04ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004ef0000 | 0x04ef0000 | 0x04ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004f00000 | 0x04f00000 | 0x04f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004f10000 | 0x04f10000 | 0x04f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004f20000 | 0x04f20000 | 0x04f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004f30000 | 0x04f30000 | 0x04f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004f40000 | 0x04f40000 | 0x04f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004f50000 | 0x04f50000 | 0x04f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004f60000 | 0x04f60000 | 0x04f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004f70000 | 0x04f70000 | 0x04f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004f80000 | 0x04f80000 | 0x04f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004f90000 | 0x04f90000 | 0x04f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004fa0000 | 0x04fa0000 | 0x04fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004fb0000 | 0x04fb0000 | 0x04fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004fc0000 | 0x04fc0000 | 0x04fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004fd0000 | 0x04fd0000 | 0x04fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004fe0000 | 0x04fe0000 | 0x04fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004ff0000 | 0x04ff0000 | 0x04ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005000000 | 0x05000000 | 0x05000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005010000 | 0x05010000 | 0x05010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005020000 | 0x05020000 | 0x05020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005030000 | 0x05030000 | 0x05030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005040000 | 0x05040000 | 0x05040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005050000 | 0x05050000 | 0x05050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005060000 | 0x05060000 | 0x05060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005070000 | 0x05070000 | 0x05070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005080000 | 0x05080000 | 0x05080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005090000 | 0x05090000 | 0x05090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000050a0000 | 0x050a0000 | 0x050a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000050b0000 | 0x050b0000 | 0x050b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000050c0000 | 0x050c0000 | 0x050c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000050d0000 | 0x050d0000 | 0x050d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000050e0000 | 0x050e0000 | 0x050e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000050f0000 | 0x050f0000 | 0x050f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005100000 | 0x05100000 | 0x05100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005110000 | 0x05110000 | 0x05110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005120000 | 0x05120000 | 0x05120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005130000 | 0x05130000 | 0x05130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005140000 | 0x05140000 | 0x05140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005150000 | 0x05150000 | 0x05150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005160000 | 0x05160000 | 0x05160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005170000 | 0x05170000 | 0x05170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005180000 | 0x05180000 | 0x05180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005190000 | 0x05190000 | 0x05190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000051a0000 | 0x051a0000 | 0x051a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000051b0000 | 0x051b0000 | 0x051b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000051c0000 | 0x051c0000 | 0x051c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000051d0000 | 0x051d0000 | 0x051d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000051e0000 | 0x051e0000 | 0x051e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000051f0000 | 0x051f0000 | 0x051f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005200000 | 0x05200000 | 0x05200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005210000 | 0x05210000 | 0x05210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005220000 | 0x05220000 | 0x05220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005230000 | 0x05230000 | 0x05230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005240000 | 0x05240000 | 0x05240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005250000 | 0x05250000 | 0x05250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005260000 | 0x05260000 | 0x05260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005270000 | 0x05270000 | 0x05270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005280000 | 0x05280000 | 0x05280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005290000 | 0x05290000 | 0x05290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000052a0000 | 0x052a0000 | 0x052a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000052b0000 | 0x052b0000 | 0x052b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000052c0000 | 0x052c0000 | 0x052c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000052d0000 | 0x052d0000 | 0x052d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000052e0000 | 0x052e0000 | 0x052e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000052f0000 | 0x052f0000 | 0x052f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005300000 | 0x05300000 | 0x05300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005310000 | 0x05310000 | 0x05310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005320000 | 0x05320000 | 0x05320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005330000 | 0x05330000 | 0x05330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005340000 | 0x05340000 | 0x05340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005350000 | 0x05350000 | 0x05350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005360000 | 0x05360000 | 0x05360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005370000 | 0x05370000 | 0x05370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005380000 | 0x05380000 | 0x05380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005390000 | 0x05390000 | 0x05390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000053a0000 | 0x053a0000 | 0x053a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000053b0000 | 0x053b0000 | 0x053b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000053c0000 | 0x053c0000 | 0x053c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000053d0000 | 0x053d0000 | 0x053d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000053e0000 | 0x053e0000 | 0x053e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000053f0000 | 0x053f0000 | 0x053f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005400000 | 0x05400000 | 0x05400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005410000 | 0x05410000 | 0x05410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005420000 | 0x05420000 | 0x05420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005430000 | 0x05430000 | 0x05430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005440000 | 0x05440000 | 0x05440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005450000 | 0x05450000 | 0x05450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005460000 | 0x05460000 | 0x05460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005470000 | 0x05470000 | 0x05470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005480000 | 0x05480000 | 0x05480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005490000 | 0x05490000 | 0x05490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000054a0000 | 0x054a0000 | 0x054a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000054b0000 | 0x054b0000 | 0x054b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000054c0000 | 0x054c0000 | 0x054c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000054d0000 | 0x054d0000 | 0x054d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000054e0000 | 0x054e0000 | 0x054e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000054f0000 | 0x054f0000 | 0x054f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005500000 | 0x05500000 | 0x05500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005510000 | 0x05510000 | 0x05510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005520000 | 0x05520000 | 0x05520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005530000 | 0x05530000 | 0x05530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005540000 | 0x05540000 | 0x05540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005550000 | 0x05550000 | 0x05550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005560000 | 0x05560000 | 0x05560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005570000 | 0x05570000 | 0x05570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005580000 | 0x05580000 | 0x05580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005590000 | 0x05590000 | 0x05590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000055a0000 | 0x055a0000 | 0x055a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000055b0000 | 0x055b0000 | 0x055b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000055c0000 | 0x055c0000 | 0x055c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000055d0000 | 0x055d0000 | 0x055d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000055e0000 | 0x055e0000 | 0x055e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000055f0000 | 0x055f0000 | 0x055f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005600000 | 0x05600000 | 0x05600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005610000 | 0x05610000 | 0x05610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005620000 | 0x05620000 | 0x05620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005630000 | 0x05630000 | 0x05630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005640000 | 0x05640000 | 0x05640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005650000 | 0x05650000 | 0x05650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005660000 | 0x05660000 | 0x05660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005670000 | 0x05670000 | 0x05670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005680000 | 0x05680000 | 0x05680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005690000 | 0x05690000 | 0x05690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000056a0000 | 0x056a0000 | 0x056a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000056b0000 | 0x056b0000 | 0x056b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000056c0000 | 0x056c0000 | 0x056c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000056d0000 | 0x056d0000 | 0x056d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000056e0000 | 0x056e0000 | 0x056e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000056f0000 | 0x056f0000 | 0x056f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005700000 | 0x05700000 | 0x05700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005710000 | 0x05710000 | 0x05710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005720000 | 0x05720000 | 0x05720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005730000 | 0x05730000 | 0x05730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005740000 | 0x05740000 | 0x05740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005750000 | 0x05750000 | 0x05750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005760000 | 0x05760000 | 0x05760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005770000 | 0x05770000 | 0x05770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005780000 | 0x05780000 | 0x05780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005790000 | 0x05790000 | 0x05790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000057a0000 | 0x057a0000 | 0x057a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000057b0000 | 0x057b0000 | 0x057b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000057c0000 | 0x057c0000 | 0x057c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000057d0000 | 0x057d0000 | 0x057d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000057e0000 | 0x057e0000 | 0x057e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000057f0000 | 0x057f0000 | 0x057f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005800000 | 0x05800000 | 0x05800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005810000 | 0x05810000 | 0x05810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005820000 | 0x05820000 | 0x05820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005830000 | 0x05830000 | 0x05830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005840000 | 0x05840000 | 0x05840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005850000 | 0x05850000 | 0x05850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005860000 | 0x05860000 | 0x05860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005870000 | 0x05870000 | 0x05870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005880000 | 0x05880000 | 0x05880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005890000 | 0x05890000 | 0x05890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000058a0000 | 0x058a0000 | 0x058a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000058b0000 | 0x058b0000 | 0x058b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000058c0000 | 0x058c0000 | 0x058c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000058d0000 | 0x058d0000 | 0x058d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000058e0000 | 0x058e0000 | 0x058e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000058f0000 | 0x058f0000 | 0x058f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005900000 | 0x05900000 | 0x05900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005910000 | 0x05910000 | 0x05910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005920000 | 0x05920000 | 0x05920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005930000 | 0x05930000 | 0x05930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005940000 | 0x05940000 | 0x05940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005950000 | 0x05950000 | 0x05950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005960000 | 0x05960000 | 0x05960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005970000 | 0x05970000 | 0x05970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005980000 | 0x05980000 | 0x05980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005990000 | 0x05990000 | 0x05990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000059a0000 | 0x059a0000 | 0x059a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000059b0000 | 0x059b0000 | 0x059b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000059c0000 | 0x059c0000 | 0x059c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000059d0000 | 0x059d0000 | 0x059d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000059e0000 | 0x059e0000 | 0x059e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000059f0000 | 0x059f0000 | 0x059f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005a00000 | 0x05a00000 | 0x05a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005a10000 | 0x05a10000 | 0x05a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005a20000 | 0x05a20000 | 0x05a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005a30000 | 0x05a30000 | 0x05a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005a40000 | 0x05a40000 | 0x05a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005a50000 | 0x05a50000 | 0x05a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005a60000 | 0x05a60000 | 0x05a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005a70000 | 0x05a70000 | 0x05a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005a80000 | 0x05a80000 | 0x05a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005a90000 | 0x05a90000 | 0x05a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005aa0000 | 0x05aa0000 | 0x05aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005ab0000 | 0x05ab0000 | 0x05ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005ac0000 | 0x05ac0000 | 0x05ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005ad0000 | 0x05ad0000 | 0x05ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005ae0000 | 0x05ae0000 | 0x05ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005af0000 | 0x05af0000 | 0x05af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005b00000 | 0x05b00000 | 0x05b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005b10000 | 0x05b10000 | 0x05b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005b20000 | 0x05b20000 | 0x05b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005b30000 | 0x05b30000 | 0x05b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005b40000 | 0x05b40000 | 0x05b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005b50000 | 0x05b50000 | 0x05b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005b60000 | 0x05b60000 | 0x05b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005b70000 | 0x05b70000 | 0x05b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005b80000 | 0x05b80000 | 0x05b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005b90000 | 0x05b90000 | 0x05b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005ba0000 | 0x05ba0000 | 0x05ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005bb0000 | 0x05bb0000 | 0x05bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005bc0000 | 0x05bc0000 | 0x05bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005bd0000 | 0x05bd0000 | 0x05bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005be0000 | 0x05be0000 | 0x05be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005bf0000 | 0x05bf0000 | 0x05bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005c00000 | 0x05c00000 | 0x05c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005c10000 | 0x05c10000 | 0x05c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005c20000 | 0x05c20000 | 0x05c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005c30000 | 0x05c30000 | 0x05c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005c40000 | 0x05c40000 | 0x05c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005c50000 | 0x05c50000 | 0x05c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005c60000 | 0x05c60000 | 0x05c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005c70000 | 0x05c70000 | 0x05c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005c80000 | 0x05c80000 | 0x05c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005c90000 | 0x05c90000 | 0x05c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005ca0000 | 0x05ca0000 | 0x05ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005cb0000 | 0x05cb0000 | 0x05cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005cc0000 | 0x05cc0000 | 0x05cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005cd0000 | 0x05cd0000 | 0x05cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005ce0000 | 0x05ce0000 | 0x05ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005cf0000 | 0x05cf0000 | 0x05cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005d00000 | 0x05d00000 | 0x05d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005d10000 | 0x05d10000 | 0x05d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005d20000 | 0x05d20000 | 0x05d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005d30000 | 0x05d30000 | 0x05d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005d40000 | 0x05d40000 | 0x05d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005d50000 | 0x05d50000 | 0x05d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005d60000 | 0x05d60000 | 0x05d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005d70000 | 0x05d70000 | 0x05d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005d80000 | 0x05d80000 | 0x05d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005d90000 | 0x05d90000 | 0x05d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005da0000 | 0x05da0000 | 0x05da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005db0000 | 0x05db0000 | 0x05db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005dc0000 | 0x05dc0000 | 0x05dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005dd0000 | 0x05dd0000 | 0x05dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005de0000 | 0x05de0000 | 0x05de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005df0000 | 0x05df0000 | 0x05df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005e00000 | 0x05e00000 | 0x05e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005e10000 | 0x05e10000 | 0x05e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005e20000 | 0x05e20000 | 0x05e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005e30000 | 0x05e30000 | 0x05e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000005e40000 | 0x05e40000 | 0x05e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000104d0000 | 0x104d0000 | 0x1052bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f9fc000 | 0x7f9fc000 | 0x7f9fcfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x0000000d6bd80000 | 0xd6bd80000 | 0xd6bd9ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000d6bda0000 | 0xd6bda0000 | 0xd6bdb3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000d6bdc0000 | 0xd6bdc0000 | 0xd6bebffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000d6bec0000 | 0xd6bec0000 | 0xd6bec3fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000d6bed0000 | 0xd6bed0000 | 0xd6bed0fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000d6bee0000 | 0xd6bee0000 | 0xd6bee1fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff920000 | 0x7df5ff920000 | 0x7ff5ff91ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fcea0000 | 0x7ff7fcea0000 | 0x7ff7fcec2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fcec9000 | 0x7ff7fcec9000 | 0x7ff7fcec9fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fcece000 | 0x7ff7fcece000 | 0x7ff7fcecffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xd80000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xd90000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xda0000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdb0000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdc0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdd0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xde0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xdf0000, size = 21 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe00000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe20000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe30000, size = 21 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe40000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe60000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe70000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe80000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xe90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xea0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xeb0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xec0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xed0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xee0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xef0000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf00000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf20000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf30000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf40000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf60000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf70000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf80000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xf90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfa0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfb0000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfc0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfd0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xfe0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0xff0000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1000000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1010000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1020000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1030000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1040000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1050000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1060000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1070000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1080000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1090000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10a0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10c0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10e0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x10f0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1100000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1110000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1120000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1130000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1140000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1150000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1160000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1170000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1180000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1190000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11a0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11c0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11e0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x11f0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1200000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1210000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1220000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1230000, size = 25 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1240000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1250000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1260000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1270000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1280000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1290000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12a0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12c0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12e0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x12f0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1300000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1310000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1320000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1330000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1340000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1350000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1360000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1370000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1380000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1390000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x13a0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x13b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x13c0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x13d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x13e0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x13f0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1400000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1410000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1420000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1430000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1440000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1450000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1460000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1470000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1480000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1490000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x14a0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x14b0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x14c0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x14d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x14e0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x14f0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1500000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1510000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1520000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1530000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1540000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1550000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1560000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1570000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1580000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1590000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x15a0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x15b0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x15c0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x15d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x15e0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x15f0000, size = 8 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1600000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1610000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1620000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1630000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1640000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1650000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1660000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1670000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1680000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1690000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x16a0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x16b0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x16c0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x16d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x16e0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x16f0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1700000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1710000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1720000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1730000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1740000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1750000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1760000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1770000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1780000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1790000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x17a0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x17b0000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x17c0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x17d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x17e0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x17f0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1800000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1810000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1820000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1830000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1840000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1850000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1860000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1870000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1880000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1890000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x18a0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x18b0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x18c0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x18d0000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x18e0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x18f0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1900000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1910000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1920000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1930000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1940000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1950000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1960000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1970000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1980000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1990000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x19a0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x19b0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x19c0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x19d0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x19e0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x19f0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1a00000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1a10000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1a20000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1a30000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1a40000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1a50000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1a60000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1a70000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1a80000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1a90000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1aa0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1ab0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1ac0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1ad0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1ae0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1af0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1b00000, size = 18 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1b10000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1b20000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1b30000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1b40000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1b50000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1b60000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1b70000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1b80000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1b90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1ba0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1bb0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1bc0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1bd0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1be0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1bf0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1c00000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1c10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1c20000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1c30000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1c40000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1c50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1c60000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1c70000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1c80000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1c90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1ca0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1cb0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1cc0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1cd0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1ce0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1cf0000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1d00000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1d10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1d20000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1d30000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1d40000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1d50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1d60000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1d70000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1d80000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1d90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1da0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1db0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1dc0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1dd0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1de0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1df0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1e00000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1e10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1e20000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1e30000, size = 22 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1e40000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1e50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1e60000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1e70000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1e80000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1e90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1ea0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1eb0000, size = 22 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1ec0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1ed0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1ee0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1ef0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1f00000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1f10000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1f20000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1f30000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1f40000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1f50000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1f60000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1f70000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1f80000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1f90000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1fa0000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1fb0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1fc0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1fd0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1fe0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x1ff0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2000000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2010000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2020000, size = 8 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2030000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2040000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2050000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2060000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2070000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2080000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2090000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x20a0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x20b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x20c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x20d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x20e0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x20f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2100000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2110000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2120000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2130000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2140000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2150000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2160000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2170000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2180000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2190000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x21a0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x21b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x21c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x21d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x21e0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x21f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2200000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2210000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2220000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2230000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2240000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2250000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2260000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2270000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2280000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2290000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x22a0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x22b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x22c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x22d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x22e0000, size = 6 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x22f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2300000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2310000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2320000, size = 18 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2330000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2340000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2350000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2360000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2370000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2380000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2390000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x23a0000, size = 24 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x23b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x23c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x23d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x23e0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x23f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2400000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2410000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2420000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2430000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2440000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2450000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2460000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2470000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2480000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2490000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x24a0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x24b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x24c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x24d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x24e0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x24f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2500000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2510000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2520000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2530000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2540000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2550000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2560000, size = 18 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2570000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2580000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2590000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x25a0000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x25b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x25c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x25d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x25e0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x25f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2600000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2610000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2620000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2630000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2640000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2650000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2660000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2670000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2680000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2690000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x26a0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x26b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x26c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x26d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x26e0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x26f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2700000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2710000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2720000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2730000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2740000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2750000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2760000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2770000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2780000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2790000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x27a0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x27b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x27c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x27d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x27e0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x27f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2800000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2820000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2830000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2840000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2860000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2870000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2880000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x28a0000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x28b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x28c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x28d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x28e0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x28f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2900000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2910000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2920000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2930000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2940000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2960000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2970000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2980000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x29a0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x29b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x29c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x29e0000, size = 22 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x29f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2a00000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2a20000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2a30000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2a40000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2a60000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2a70000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2a80000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2aa0000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2ab0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2ac0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2ae0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2af0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2b00000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2b20000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2b30000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2b40000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2b50000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2b60000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2b70000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2b80000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2b90000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2ba0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2bb0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2bc0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2bd0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2be0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2bf0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2c00000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2c10000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2c20000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2c30000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2c40000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2c50000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2c60000, size = 24 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2c70000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2c80000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2ca0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2cb0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2cc0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2ce0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2cf0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2d00000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2d20000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2d30000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2d40000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2d60000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2d70000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2d80000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2da0000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2db0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2dc0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2de0000, size = 18 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2df0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2e00000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2e20000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2e30000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2e40000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2e60000, size = 24 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2e70000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2e80000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2ea0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2eb0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2ec0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2ee0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2ef0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2f00000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2f20000, size = 18 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2f30000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2f40000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2f60000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2f70000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2f80000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2fa0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2fb0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2fc0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2fe0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x2ff0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3000000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3010000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3020000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3030000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3040000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3060000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3070000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3080000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x30a0000, size = 24 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x30b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x30c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x30e0000, size = 22 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x30f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3100000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3110000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3120000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3130000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3140000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3150000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3160000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3170000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3180000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3190000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x31a0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x31b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x31c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x31d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x31e0000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x31f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3200000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3210000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3220000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3230000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3240000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3250000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3260000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3270000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3280000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3290000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x32a0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x32b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x32c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x32d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x32e0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x32f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3300000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3310000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3320000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3330000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3340000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3350000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3360000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3370000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3380000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3390000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x33a0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x33b0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x33c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x33d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x33e0000, size = 8 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x33f0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3400000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3410000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3420000, size = 8 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3430000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3440000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3450000, size = 18 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3460000, size = 8 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3470000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3480000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3490000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x34a0000, size = 8 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x34b0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x34c0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x34d0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x34e0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3500000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3510000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3520000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3540000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3550000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3560000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3570000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3580000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3590000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x35a0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x35b0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x35c0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x35d0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x35e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x35f0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3600000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3610000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3620000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3630000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3640000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3650000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3660000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3670000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3680000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3690000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x36a0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x36b0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x36c0000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x36d0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x36e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3700000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3710000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3720000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3730000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3740000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3750000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3760000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3770000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3780000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3790000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x37a0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x37b0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x37c0000, size = 23 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x37d0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x37e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x37f0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3800000, size = 7 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3810000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3820000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3830000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3840000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3850000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3860000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3870000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3880000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3890000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x38a0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x38b0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x38c0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x38d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x38e0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x38f0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3900000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3910000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3920000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3930000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3940000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3950000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3960000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3970000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3980000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3990000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x39a0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x39c0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x39d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x39e0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x39f0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3a00000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3a10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3a20000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3a30000, size = 8 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3a40000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3a50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3a60000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3a70000, size = 22 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3a80000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3a90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3aa0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3ab0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3ac0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3ad0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3ae0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3af0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3b00000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3b10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3b20000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3b30000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3b40000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3b50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3b60000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3b70000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3b80000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3b90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3ba0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3bb0000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3bc0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3bd0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3be0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3bf0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3c00000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3c20000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3c30000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3c40000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3c60000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3c70000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3c80000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3c90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3ca0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3cb0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3cc0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3cd0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3ce0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3cf0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3d00000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3d10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3d20000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3d30000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3d40000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3d50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3d60000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3d70000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3d80000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3d90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3da0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3db0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3dc0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3dd0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3de0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3df0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3e00000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3e10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3e20000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3e30000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3e40000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3e50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3e60000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3e80000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3e90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3ea0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3ec0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3ed0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3ee0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3ef0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3f00000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3f10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3f20000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3f30000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3f40000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3f50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3f60000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3f70000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3f80000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3f90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3fa0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3fb0000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3fc0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3fd0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3fe0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x3ff0000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4000000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4010000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4020000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4030000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4040000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4050000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4070000, size = 25 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4080000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4090000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x40b0000, size = 21 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x40c0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x40d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x40e0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x40f0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4100000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4110000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4140000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4150000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4160000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4180000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4190000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x41a0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x41b0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x41c0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x41d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x41e0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x41f0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4200000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4210000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4220000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4230000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4240000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4250000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4260000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4270000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4280000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4290000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x42a0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x42b0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x42c0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x42d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x42f0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4300000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4310000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4330000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4340000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4350000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4370000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4380000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4390000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x43b0000, size = 23 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x43c0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x43e0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x43f0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4400000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4420000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4440000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4450000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4460000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4470000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4490000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x44a0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x44b0000, size = 6 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x44c0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x44d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x44e0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x44f0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4500000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4510000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4520000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4530000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4540000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4550000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4560000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4570000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4580000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4590000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x45a0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x45b0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x45c0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x45d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x45f0000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4600000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4610000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4630000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4640000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4650000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4670000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4680000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4690000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x46c0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x46d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x46e0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4700000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4710000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4720000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4740000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4750000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4760000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4770000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4780000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4790000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x47a0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x47b0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x47c0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x47e0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x47f0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4800000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4810000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4830000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4840000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4850000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4870000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4880000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4890000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x48b0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x48c0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x48d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x48f0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4900000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4910000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4930000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4940000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4950000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4970000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4980000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4990000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x49b0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x49c0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x49d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x49e0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x49f0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4a00000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4a10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4a20000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4a30000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4a40000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4a50000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4a60000, size = 24 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4a70000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4a80000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4a90000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4aa0000, size = 26 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4ab0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4ac0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4ad0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4ae0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4af0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4b00000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4b10000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4b20000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4b30000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4b40000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4b60000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4b70000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4b80000, size = 18 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4ba0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4bb0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4bc0000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4be0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4bf0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4c00000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4c20000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4c30000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4c40000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4c60000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4c70000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4c80000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4c90000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4cb0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4cc0000, size = 24 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4cd0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4cf0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4d00000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4d10000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4d30000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4d40000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4d50000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4d70000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4d80000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4d90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4db0000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4dc0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4de0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4df0000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4e00000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4e10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4e30000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4e40000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4e50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4e70000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4e80000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4e90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4eb0000, size = 7 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4ec0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4ed0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4ef0000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4f00000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4f10000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4f30000, size = 5 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4f40000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4f50000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4f70000, size = 7 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4f80000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4f90000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4fb0000, size = 5 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4fc0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4fd0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x4ff0000, size = 6 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5000000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5010000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5020000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5030000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5040000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5050000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5060000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5070000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5080000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5090000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x50a0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x50c0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x50d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x50e0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5100000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5110000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5120000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5130000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5140000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5150000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5160000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5170000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5180000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5190000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x51a0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x51b0000, size = 8 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x51c0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x51d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x51e0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x51f0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5210000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5220000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5240000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5250000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5260000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5280000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5290000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x52a0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x52c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x52d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x52e0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5300000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5310000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5320000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5330000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5340000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5350000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5360000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5370000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5380000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5390000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x53a0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x53b0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x53c0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x53d0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x53e0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5400000, size = 21 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5410000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5430000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5440000, size = 25 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5450000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5460000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5470000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5480000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5490000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x54a0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x54b0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x54c0000, size = 25 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x54d0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x54e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x54f0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5500000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5510000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5520000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5530000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5540000, size = 26 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5550000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5560000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5570000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5580000, size = 28 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5590000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x55a0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x55b0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x55c0000, size = 30 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x55d0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x55e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x55f0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5600000, size = 25 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5610000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5620000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5630000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5640000, size = 27 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5650000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5660000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5670000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5680000, size = 24 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5690000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x56a0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x56b0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x56c0000, size = 28 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x56d0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x56e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x56f0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5700000, size = 22 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5710000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5720000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5730000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5740000, size = 17 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5750000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5760000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5770000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5780000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5790000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x57a0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x57b0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x57c0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x57d0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x57e0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5800000, size = 9 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5820000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5830000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5840000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5850000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5860000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5870000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5880000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5890000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x58a0000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x58c0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x58d0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5900000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5910000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5920000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5940000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5950000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5960000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5980000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5990000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x59a0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x59c0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x59d0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x59e0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x59f0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5a00000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5a10000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5a20000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5a30000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5a40000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5a50000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5a60000, size = 14 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5a70000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5a80000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5aa0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5ac0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | | 1 | ||
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5ae0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5af0000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5b00000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5b10000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5b20000, size = 19 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5b30000, size = 13 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5b40000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5b50000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5b60000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5b70000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5b80000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5b90000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5ba0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5bb0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5bc0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5bd0000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5be0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5bf0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5c00000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5c10000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5c20000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5c30000, size = 210 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5c40000, size = 22 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5c50000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5c60000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5c70000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5c80000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5c90000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5ca0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5cb0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5cc0000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5cd0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5ce0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5cf0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5d00000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5d10000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5d20000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5d30000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5d40000, size = 11 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5d50000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5d60000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5d70000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5d80000, size = 12 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5d90000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5da0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5db0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5dc0000, size = 16 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5dd0000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5de0000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5df0000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5e00000, size = 15 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5e10000, size = 10 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5e20000, size = 20 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5e30000, size = 142 | | 1 | |
| Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | 0xccc | address = 0x5e40000, size = 13 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #5 / 0x11ac |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:01:07, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:28 |
| OS Thread IDs | #418 0x11B0 #419 0x11B4 |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Private Memory | Readable, Writable | | | | |
| private_0x00000000001c0000 | 0x001c0000 | 0x001fffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000200000 | 0x00200000 | 0x00200fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000240000 | 0x00240000 | 0x0024ffff | Private Memory | Readable, Writable | | | | |
| locale.nls | 0x00250000 | 0x0030dfff | Memory Mapped File | Readable | | | | |
| svhost.exe | 0x00400000 | 0x0057afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x0000000000580000 | 0x00580000 | 0x0067ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000690000 | 0x00690000 | 0x0078ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000790000 | 0x00790000 | 0x0088ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000008a0000 | 0x008a0000 | 0x008affff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000008b0000 | 0x008b0000 | 0x00a37fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000a40000 | 0x00a40000 | 0x00bc0fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000bd0000 | 0x00bd0000 | 0x01fcffff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000001fd0000 | 0x01fd0000 | 0x020cffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000020d0000 | 0x020d0000 | 0x022cffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | - | | | | |
| wow64.dll | 0x53cc0000 | 0x53d0efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64cpu.dll | 0x53d10000 | 0x53d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64win.dll | 0x53d20000 | 0x53d92fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntmarta.dll | 0x74ca0000 | 0x74cc7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasman.dll | 0x74cd0000 | 0x74cf2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasapi32.dll | 0x74d00000 | 0x74da3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pstorec.dll | 0x74db0000 | 0x74db7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| apphelp.dll | 0x74dc0000 | 0x74e50fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bcryptprimitives.dll | 0x74e60000 | 0x74eb8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cryptbase.dll | 0x74ec0000 | 0x74ec9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sspicli.dll | 0x74ed0000 | 0x74eedfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcrt.dll | 0x74ef0000 | 0x74fadfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| advapi32.dll | 0x74fb0000 | 0x7502afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| oleaut32.dll | 0x75030000 | 0x750c1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| powrprof.dll | 0x75280000 | 0x752c3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| KernelBase.dll | 0x752e0000 | 0x75455fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| imm32.dll | 0x75460000 | 0x7548afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| combase.dll | 0x75490000 | 0x75649fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel32.dll | 0x75650000 | 0x7573ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| gdi32.dll | 0x75790000 | 0x758dcfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SHCore.dll | 0x75aa0000 | 0x75b2cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| crypt32.dll | 0x75bf0000 | 0x75d64fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| profapi.dll | 0x75d70000 | 0x75d7efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msasn1.dll | 0x75d80000 | 0x75d8dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msctf.dll | 0x75d90000 | 0x75eaffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sechost.dll | 0x75eb0000 | 0x75ef2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| user32.dll | 0x75f10000 | 0x7604ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel.appcore.dll | 0x76290000 | 0x7629bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shlwapi.dll | 0x762a0000 | 0x762e3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| windows.storage.dll | 0x76380000 | 0x7685cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rpcrt4.dll | 0x76860000 | 0x7690bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shell32.dll | 0x76910000 | 0x77ccefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ole32.dll | 0x77cd0000 | 0x77db9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x77dc0000 | 0x77f38fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffb1ddcffff | Private Memory | Readable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x00007ffb1df92000 | 0x7ffb1df92000 | 0x7ffffffeffff | Private Memory | Readable | | | | |
| Category | Operation | Information | Success | Count | Logfile | |
|---|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | ||
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | ||
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | ||
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | ||
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | ||
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | ||
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | ||
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | ||
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | ||
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x11ac | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | ||
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | ||
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | ||
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | ||
| FILE | CREATE_DIR | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install | | 1 | ||
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | ||
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | ||
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | ||
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | ||
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | ||
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x11c0, os_pid = 0x11bc, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | ||
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | ||
| MEM | ALLOC | address = 0x240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 210 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1dc, os_pid = 0x11bc, proc_address = 0x260000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 19 | | 1 | ||
| MEM | ALLOC | address = 0x280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x2a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x2a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x2a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x2b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x2b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 21 | | 1 | ||
| MEM | ALLOC | address = 0x2c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x2c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x2d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x2d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x2e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x2e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x2e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x2f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x2f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 21 | | 1 | ||
| MEM | ALLOC | address = 0x300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x320000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x360000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x3a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x3a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x3a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x3b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x3b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 9 | | 1 | ||
| MEM | ALLOC | address = 0x3c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x3c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x3d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x3d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x3e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x3e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x3e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x3f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x3f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0x400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x420000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x460000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 16 | | 1 | ||
| MEM | ALLOC | address = 0x480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x4a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x4a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x4a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x4b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x4b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 16 | | 1 | ||
| MEM | ALLOC | address = 0x4c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x4c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x4d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x4d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x4e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x4e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x4e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x4f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x4f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x520000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x560000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x5a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x5a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x5a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x5b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x5b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x5c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x5c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x5d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x5d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x5e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x5e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x5e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x5f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x5f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0x600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x620000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x660000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x6a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x6e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 25 | | 1 | ||
| MEM | ALLOC | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x720000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x760000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x7a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x7b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0x7c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x7d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x7e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x7e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x7f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 9 | | 1 | ||
| MEM | ALLOC | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x820000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x860000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x8a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x8e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x920000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x960000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x9a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x9e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 16 | | 1 | ||
| MEM | ALLOC | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0xa20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0xa60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0xaa0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 8, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 8 | | 1 | ||
| MEM | ALLOC | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0xae0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 9 | | 1 | ||
| MEM | ALLOC | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0xb20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0xb60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 11 | | 1 | ||
| MEM | ALLOC | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0xba0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 17, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 17 | | 1 | ||
| MEM | ALLOC | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0xbe0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 19 | | 1 | ||
| MEM | ALLOC | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0xc20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0xc60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 9 | | 1 | ||
| MEM | ALLOC | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0xca0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0xce0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0xd20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0xd60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | ||
| MEM | ALLOC | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 11 | | 1 | ||
| MEM | ALLOC | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 210 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1dc, os_pid = 0x11bc, proc_address = 0xd90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 11 | | 1 | ||
| MEM | ALLOC | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0xdd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 11 | | 1 | ||
| MEM | ALLOC | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0xe10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | ||
| MEM | ALLOC | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 210 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1dc, os_pid = 0x11bc, proc_address = 0xe40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 17, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 17 | | 1 | ||
| MEM | ALLOC | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0xe80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0xec0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0xf00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | ||
| MEM | ALLOC | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 210 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1dc, os_pid = 0x11bc, proc_address = 0xf30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0xf70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0xfb0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 18, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 18 | | 1 | ||
| MEM | ALLOC | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0xff0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | ||
| MEM | ALLOC | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 210 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1dc, os_pid = 0x11bc, proc_address = 0x1020000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x1060000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 17, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 17 | | 1 | ||
| MEM | ALLOC | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x10a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x10e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x1120000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x1160000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11bc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11bc, proc_address = 0x11a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| For performance reasons, the remaining 2872 entries are omitted. Click to download all 3872 entries as text file (3.28 MB). | ||||||
| Information | Value |
|---|---|
| ID / OS PID | #6 / 0x11bc |
| OS Parent PID | 0x11ac (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:01:10, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:25 |
| OS Thread IDs | #420 0x11C0 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000240000 | 0x00240000 | 0x00240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000250000 | 0x00250000 | 0x00250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000260000 | 0x00260000 | 0x00260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000270000 | 0x00270000 | 0x00270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000280000 | 0x00280000 | 0x00280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000290000 | 0x00290000 | 0x00290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002a0000 | 0x002a0000 | 0x002a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002b0000 | 0x002b0000 | 0x002b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002c0000 | 0x002c0000 | 0x002c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002d0000 | 0x002d0000 | 0x002d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002e0000 | 0x002e0000 | 0x002e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002f0000 | 0x002f0000 | 0x002f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000300000 | 0x00300000 | 0x00300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000310000 | 0x00310000 | 0x00310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000320000 | 0x00320000 | 0x00320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000330000 | 0x00330000 | 0x00330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000340000 | 0x00340000 | 0x00340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000350000 | 0x00350000 | 0x00350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000360000 | 0x00360000 | 0x00360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000370000 | 0x00370000 | 0x00370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000380000 | 0x00380000 | 0x00380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000390000 | 0x00390000 | 0x00390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003a0000 | 0x003a0000 | 0x003a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003b0000 | 0x003b0000 | 0x003b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003c0000 | 0x003c0000 | 0x003c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003d0000 | 0x003d0000 | 0x003d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003e0000 | 0x003e0000 | 0x003e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003f0000 | 0x003f0000 | 0x003f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000400000 | 0x00400000 | 0x00400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000410000 | 0x00410000 | 0x00410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000420000 | 0x00420000 | 0x00420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000430000 | 0x00430000 | 0x00430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000440000 | 0x00440000 | 0x00440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000450000 | 0x00450000 | 0x00450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000460000 | 0x00460000 | 0x00460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000470000 | 0x00470000 | 0x00470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000480000 | 0x00480000 | 0x00480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000490000 | 0x00490000 | 0x00490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004a0000 | 0x004a0000 | 0x004a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004b0000 | 0x004b0000 | 0x004b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004c0000 | 0x004c0000 | 0x004c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004d0000 | 0x004d0000 | 0x004d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004e0000 | 0x004e0000 | 0x004e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004f0000 | 0x004f0000 | 0x004f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000500000 | 0x00500000 | 0x00500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000510000 | 0x00510000 | 0x00510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000520000 | 0x00520000 | 0x00520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000530000 | 0x00530000 | 0x00530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000540000 | 0x00540000 | 0x00540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000550000 | 0x00550000 | 0x00550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000560000 | 0x00560000 | 0x00560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000570000 | 0x00570000 | 0x00570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000580000 | 0x00580000 | 0x00580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000590000 | 0x00590000 | 0x00590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005a0000 | 0x005a0000 | 0x005a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005b0000 | 0x005b0000 | 0x005b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005c0000 | 0x005c0000 | 0x005c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005d0000 | 0x005d0000 | 0x005d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005e0000 | 0x005e0000 | 0x005e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005f0000 | 0x005f0000 | 0x005f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000600000 | 0x00600000 | 0x00600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000610000 | 0x00610000 | 0x00610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000620000 | 0x00620000 | 0x00620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000630000 | 0x00630000 | 0x00630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000640000 | 0x00640000 | 0x00640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000650000 | 0x00650000 | 0x00650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000660000 | 0x00660000 | 0x00660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000670000 | 0x00670000 | 0x00670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000680000 | 0x00680000 | 0x00680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000690000 | 0x00690000 | 0x00690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006a0000 | 0x006a0000 | 0x006a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006b0000 | 0x006b0000 | 0x006b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006c0000 | 0x006c0000 | 0x006c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006d0000 | 0x006d0000 | 0x006d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006e0000 | 0x006e0000 | 0x006e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006f0000 | 0x006f0000 | 0x006f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000700000 | 0x00700000 | 0x00700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000710000 | 0x00710000 | 0x00710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000720000 | 0x00720000 | 0x00720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000730000 | 0x00730000 | 0x00730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000740000 | 0x00740000 | 0x00740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000750000 | 0x00750000 | 0x00750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000760000 | 0x00760000 | 0x00760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000770000 | 0x00770000 | 0x00770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000780000 | 0x00780000 | 0x00780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000790000 | 0x00790000 | 0x00790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007a0000 | 0x007a0000 | 0x007a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007b0000 | 0x007b0000 | 0x007b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007c0000 | 0x007c0000 | 0x007c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007d0000 | 0x007d0000 | 0x007d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007e0000 | 0x007e0000 | 0x007e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007f0000 | 0x007f0000 | 0x007f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000800000 | 0x00800000 | 0x00800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000810000 | 0x00810000 | 0x00810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000820000 | 0x00820000 | 0x00820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000830000 | 0x00830000 | 0x00830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000840000 | 0x00840000 | 0x00840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000850000 | 0x00850000 | 0x00850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000860000 | 0x00860000 | 0x00860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000870000 | 0x00870000 | 0x00870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000880000 | 0x00880000 | 0x00880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000890000 | 0x00890000 | 0x00890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008a0000 | 0x008a0000 | 0x008a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008b0000 | 0x008b0000 | 0x008b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008c0000 | 0x008c0000 | 0x008c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008d0000 | 0x008d0000 | 0x008d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008e0000 | 0x008e0000 | 0x008e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008f0000 | 0x008f0000 | 0x008f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000900000 | 0x00900000 | 0x00900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000910000 | 0x00910000 | 0x00910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000920000 | 0x00920000 | 0x00920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000930000 | 0x00930000 | 0x00930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000940000 | 0x00940000 | 0x00940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000950000 | 0x00950000 | 0x00950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000960000 | 0x00960000 | 0x00960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000970000 | 0x00970000 | 0x00970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000980000 | 0x00980000 | 0x00980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000990000 | 0x00990000 | 0x00990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009a0000 | 0x009a0000 | 0x009a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009b0000 | 0x009b0000 | 0x009b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009c0000 | 0x009c0000 | 0x009c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009d0000 | 0x009d0000 | 0x009d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009e0000 | 0x009e0000 | 0x009e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009f0000 | 0x009f0000 | 0x009f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a00000 | 0x00a00000 | 0x00a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a10000 | 0x00a10000 | 0x00a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a20000 | 0x00a20000 | 0x00a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a30000 | 0x00a30000 | 0x00a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a40000 | 0x00a40000 | 0x00a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a50000 | 0x00a50000 | 0x00a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a60000 | 0x00a60000 | 0x00a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a70000 | 0x00a70000 | 0x00a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a80000 | 0x00a80000 | 0x00a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a90000 | 0x00a90000 | 0x00a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000aa0000 | 0x00aa0000 | 0x00aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ab0000 | 0x00ab0000 | 0x00ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ac0000 | 0x00ac0000 | 0x00ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ad0000 | 0x00ad0000 | 0x00ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ae0000 | 0x00ae0000 | 0x00ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000af0000 | 0x00af0000 | 0x00af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b00000 | 0x00b00000 | 0x00b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b10000 | 0x00b10000 | 0x00b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b20000 | 0x00b20000 | 0x00b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b30000 | 0x00b30000 | 0x00b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b40000 | 0x00b40000 | 0x00b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b50000 | 0x00b50000 | 0x00b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b60000 | 0x00b60000 | 0x00b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b70000 | 0x00b70000 | 0x00b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b80000 | 0x00b80000 | 0x00b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b90000 | 0x00b90000 | 0x00b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ba0000 | 0x00ba0000 | 0x00ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bb0000 | 0x00bb0000 | 0x00bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bc0000 | 0x00bc0000 | 0x00bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bd0000 | 0x00bd0000 | 0x00bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000be0000 | 0x00be0000 | 0x00be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bf0000 | 0x00bf0000 | 0x00bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c00000 | 0x00c00000 | 0x00c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c10000 | 0x00c10000 | 0x00c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c20000 | 0x00c20000 | 0x00c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c30000 | 0x00c30000 | 0x00c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c40000 | 0x00c40000 | 0x00c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c50000 | 0x00c50000 | 0x00c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c60000 | 0x00c60000 | 0x00c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c70000 | 0x00c70000 | 0x00c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c80000 | 0x00c80000 | 0x00c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c90000 | 0x00c90000 | 0x00c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ca0000 | 0x00ca0000 | 0x00ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cb0000 | 0x00cb0000 | 0x00cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cc0000 | 0x00cc0000 | 0x00cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cd0000 | 0x00cd0000 | 0x00cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ce0000 | 0x00ce0000 | 0x00ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cf0000 | 0x00cf0000 | 0x00cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d00000 | 0x00d00000 | 0x00d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d10000 | 0x00d10000 | 0x00d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d20000 | 0x00d20000 | 0x00d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d30000 | 0x00d30000 | 0x00d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d40000 | 0x00d40000 | 0x00d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d50000 | 0x00d50000 | 0x00d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d60000 | 0x00d60000 | 0x00d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d70000 | 0x00d70000 | 0x00d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d80000 | 0x00d80000 | 0x00d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d90000 | 0x00d90000 | 0x00d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000da0000 | 0x00da0000 | 0x00da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000db0000 | 0x00db0000 | 0x00db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dc0000 | 0x00dc0000 | 0x00dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dd0000 | 0x00dd0000 | 0x00dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000de0000 | 0x00de0000 | 0x00de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000df0000 | 0x00df0000 | 0x00df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e00000 | 0x00e00000 | 0x00e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e10000 | 0x00e10000 | 0x00e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e20000 | 0x00e20000 | 0x00e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e30000 | 0x00e30000 | 0x00e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e40000 | 0x00e40000 | 0x00e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e50000 | 0x00e50000 | 0x00e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e60000 | 0x00e60000 | 0x00e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e70000 | 0x00e70000 | 0x00e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e80000 | 0x00e80000 | 0x00e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e90000 | 0x00e90000 | 0x00e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ea0000 | 0x00ea0000 | 0x00ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000eb0000 | 0x00eb0000 | 0x00eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ec0000 | 0x00ec0000 | 0x00ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ed0000 | 0x00ed0000 | 0x00ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ee0000 | 0x00ee0000 | 0x00ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ef0000 | 0x00ef0000 | 0x00ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f00000 | 0x00f00000 | 0x00f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f10000 | 0x00f10000 | 0x00f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f20000 | 0x00f20000 | 0x00f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f30000 | 0x00f30000 | 0x00f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f40000 | 0x00f40000 | 0x00f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f50000 | 0x00f50000 | 0x00f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f60000 | 0x00f60000 | 0x00f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f70000 | 0x00f70000 | 0x00f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f80000 | 0x00f80000 | 0x00f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f90000 | 0x00f90000 | 0x00f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fa0000 | 0x00fa0000 | 0x00fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fb0000 | 0x00fb0000 | 0x00fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fc0000 | 0x00fc0000 | 0x00fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fd0000 | 0x00fd0000 | 0x00fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fe0000 | 0x00fe0000 | 0x00fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ff0000 | 0x00ff0000 | 0x00ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001000000 | 0x01000000 | 0x01000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001010000 | 0x01010000 | 0x01010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001020000 | 0x01020000 | 0x01020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001030000 | 0x01030000 | 0x01030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001040000 | 0x01040000 | 0x01040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001050000 | 0x01050000 | 0x01050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001060000 | 0x01060000 | 0x01060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001070000 | 0x01070000 | 0x01070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001080000 | 0x01080000 | 0x01080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001090000 | 0x01090000 | 0x01090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010a0000 | 0x010a0000 | 0x010a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010b0000 | 0x010b0000 | 0x010b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010c0000 | 0x010c0000 | 0x010c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010d0000 | 0x010d0000 | 0x010d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010e0000 | 0x010e0000 | 0x010e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010f0000 | 0x010f0000 | 0x010f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001100000 | 0x01100000 | 0x01100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001110000 | 0x01110000 | 0x01110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001120000 | 0x01120000 | 0x01120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001130000 | 0x01130000 | 0x01130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001140000 | 0x01140000 | 0x01140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001150000 | 0x01150000 | 0x01150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001160000 | 0x01160000 | 0x01160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001170000 | 0x01170000 | 0x01170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001180000 | 0x01180000 | 0x01180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001190000 | 0x01190000 | 0x01190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011a0000 | 0x011a0000 | 0x011a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011b0000 | 0x011b0000 | 0x011b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011c0000 | 0x011c0000 | 0x011c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011d0000 | 0x011d0000 | 0x011d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011e0000 | 0x011e0000 | 0x011e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011f0000 | 0x011f0000 | 0x011f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001200000 | 0x01200000 | 0x01200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001210000 | 0x01210000 | 0x01210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001220000 | 0x01220000 | 0x01220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001230000 | 0x01230000 | 0x01230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001240000 | 0x01240000 | 0x01240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001250000 | 0x01250000 | 0x01250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001260000 | 0x01260000 | 0x01260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001270000 | 0x01270000 | 0x01270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001280000 | 0x01280000 | 0x01280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001290000 | 0x01290000 | 0x01290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012a0000 | 0x012a0000 | 0x012a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012b0000 | 0x012b0000 | 0x012b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012c0000 | 0x012c0000 | 0x012c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012d0000 | 0x012d0000 | 0x012d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012e0000 | 0x012e0000 | 0x012e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012f0000 | 0x012f0000 | 0x012f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001300000 | 0x01300000 | 0x01300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001310000 | 0x01310000 | 0x01310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001320000 | 0x01320000 | 0x01320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001330000 | 0x01330000 | 0x01330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001340000 | 0x01340000 | 0x01340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001350000 | 0x01350000 | 0x01350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001360000 | 0x01360000 | 0x01360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001370000 | 0x01370000 | 0x01370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001380000 | 0x01380000 | 0x01380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001390000 | 0x01390000 | 0x01390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013a0000 | 0x013a0000 | 0x013a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013b0000 | 0x013b0000 | 0x013b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013c0000 | 0x013c0000 | 0x013c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013d0000 | 0x013d0000 | 0x013d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013e0000 | 0x013e0000 | 0x013e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013f0000 | 0x013f0000 | 0x013f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001400000 | 0x01400000 | 0x01400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001410000 | 0x01410000 | 0x01410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001420000 | 0x01420000 | 0x01420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001430000 | 0x01430000 | 0x01430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001440000 | 0x01440000 | 0x01440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001450000 | 0x01450000 | 0x01450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001460000 | 0x01460000 | 0x01460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001470000 | 0x01470000 | 0x01470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001480000 | 0x01480000 | 0x01480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001490000 | 0x01490000 | 0x01490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014a0000 | 0x014a0000 | 0x014a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014b0000 | 0x014b0000 | 0x014b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014c0000 | 0x014c0000 | 0x014c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014d0000 | 0x014d0000 | 0x014d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014e0000 | 0x014e0000 | 0x014e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014f0000 | 0x014f0000 | 0x014f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001500000 | 0x01500000 | 0x01500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001510000 | 0x01510000 | 0x01510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001520000 | 0x01520000 | 0x01520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001530000 | 0x01530000 | 0x01530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001540000 | 0x01540000 | 0x01540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001550000 | 0x01550000 | 0x01550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001560000 | 0x01560000 | 0x01560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001570000 | 0x01570000 | 0x01570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001580000 | 0x01580000 | 0x01580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001590000 | 0x01590000 | 0x01590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015a0000 | 0x015a0000 | 0x015a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015b0000 | 0x015b0000 | 0x015b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015c0000 | 0x015c0000 | 0x015c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015d0000 | 0x015d0000 | 0x015d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015e0000 | 0x015e0000 | 0x015e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015f0000 | 0x015f0000 | 0x015f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001600000 | 0x01600000 | 0x01600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001610000 | 0x01610000 | 0x01610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001620000 | 0x01620000 | 0x01620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001630000 | 0x01630000 | 0x01630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001640000 | 0x01640000 | 0x01640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001650000 | 0x01650000 | 0x01650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001660000 | 0x01660000 | 0x01660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001670000 | 0x01670000 | 0x01670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001680000 | 0x01680000 | 0x01680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001690000 | 0x01690000 | 0x01690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016a0000 | 0x016a0000 | 0x016a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016b0000 | 0x016b0000 | 0x016b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016c0000 | 0x016c0000 | 0x016c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016d0000 | 0x016d0000 | 0x016d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016e0000 | 0x016e0000 | 0x016e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016f0000 | 0x016f0000 | 0x016f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001700000 | 0x01700000 | 0x01700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001710000 | 0x01710000 | 0x01710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001720000 | 0x01720000 | 0x01720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001730000 | 0x01730000 | 0x01730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001740000 | 0x01740000 | 0x01740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001750000 | 0x01750000 | 0x01750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001760000 | 0x01760000 | 0x01760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001770000 | 0x01770000 | 0x01770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001780000 | 0x01780000 | 0x01780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001790000 | 0x01790000 | 0x01790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017a0000 | 0x017a0000 | 0x017a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017b0000 | 0x017b0000 | 0x017b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017c0000 | 0x017c0000 | 0x017c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017d0000 | 0x017d0000 | 0x017d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017e0000 | 0x017e0000 | 0x017e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017f0000 | 0x017f0000 | 0x017f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001800000 | 0x01800000 | 0x01800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001810000 | 0x01810000 | 0x01810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001820000 | 0x01820000 | 0x01820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001830000 | 0x01830000 | 0x01830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001840000 | 0x01840000 | 0x01840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001850000 | 0x01850000 | 0x01850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001860000 | 0x01860000 | 0x01860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001870000 | 0x01870000 | 0x01870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001880000 | 0x01880000 | 0x01880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001890000 | 0x01890000 | 0x01890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018a0000 | 0x018a0000 | 0x018a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018b0000 | 0x018b0000 | 0x018b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018c0000 | 0x018c0000 | 0x018c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018d0000 | 0x018d0000 | 0x018d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018e0000 | 0x018e0000 | 0x018e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018f0000 | 0x018f0000 | 0x018f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001900000 | 0x01900000 | 0x01900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001910000 | 0x01910000 | 0x01910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001920000 | 0x01920000 | 0x01920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001930000 | 0x01930000 | 0x01930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001940000 | 0x01940000 | 0x01940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001950000 | 0x01950000 | 0x01950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001960000 | 0x01960000 | 0x01960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001970000 | 0x01970000 | 0x01970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001980000 | 0x01980000 | 0x01980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001990000 | 0x01990000 | 0x01990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019a0000 | 0x019a0000 | 0x019a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019b0000 | 0x019b0000 | 0x019b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019c0000 | 0x019c0000 | 0x019c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019d0000 | 0x019d0000 | 0x019d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019e0000 | 0x019e0000 | 0x019e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019f0000 | 0x019f0000 | 0x019f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a00000 | 0x01a00000 | 0x01a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a10000 | 0x01a10000 | 0x01a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a20000 | 0x01a20000 | 0x01a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a30000 | 0x01a30000 | 0x01a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a40000 | 0x01a40000 | 0x01a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a50000 | 0x01a50000 | 0x01a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a60000 | 0x01a60000 | 0x01a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a70000 | 0x01a70000 | 0x01a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a80000 | 0x01a80000 | 0x01a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a90000 | 0x01a90000 | 0x01a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001aa0000 | 0x01aa0000 | 0x01aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ab0000 | 0x01ab0000 | 0x01ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ac0000 | 0x01ac0000 | 0x01ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ad0000 | 0x01ad0000 | 0x01ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ae0000 | 0x01ae0000 | 0x01ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001af0000 | 0x01af0000 | 0x01af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b00000 | 0x01b00000 | 0x01b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b10000 | 0x01b10000 | 0x01b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b20000 | 0x01b20000 | 0x01b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b30000 | 0x01b30000 | 0x01b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b40000 | 0x01b40000 | 0x01b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b50000 | 0x01b50000 | 0x01b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b60000 | 0x01b60000 | 0x01b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b70000 | 0x01b70000 | 0x01b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b80000 | 0x01b80000 | 0x01b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b90000 | 0x01b90000 | 0x01b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ba0000 | 0x01ba0000 | 0x01ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001bb0000 | 0x01bb0000 | 0x01bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001bc0000 | 0x01bc0000 | 0x01bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001bd0000 | 0x01bd0000 | 0x01bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001be0000 | 0x01be0000 | 0x01be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001bf0000 | 0x01bf0000 | 0x01bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c00000 | 0x01c00000 | 0x01c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c10000 | 0x01c10000 | 0x01c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c20000 | 0x01c20000 | 0x01c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c30000 | 0x01c30000 | 0x01c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c40000 | 0x01c40000 | 0x01c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c50000 | 0x01c50000 | 0x01c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c60000 | 0x01c60000 | 0x01c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c70000 | 0x01c70000 | 0x01c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c80000 | 0x01c80000 | 0x01c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c90000 | 0x01c90000 | 0x01c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ca0000 | 0x01ca0000 | 0x01ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001cb0000 | 0x01cb0000 | 0x01cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001cc0000 | 0x01cc0000 | 0x01cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001cd0000 | 0x01cd0000 | 0x01cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ce0000 | 0x01ce0000 | 0x01ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001cf0000 | 0x01cf0000 | 0x01cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d00000 | 0x01d00000 | 0x01d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d10000 | 0x01d10000 | 0x01d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d20000 | 0x01d20000 | 0x01d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d30000 | 0x01d30000 | 0x01d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d40000 | 0x01d40000 | 0x01d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d50000 | 0x01d50000 | 0x01d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d60000 | 0x01d60000 | 0x01d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d70000 | 0x01d70000 | 0x01d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d80000 | 0x01d80000 | 0x01d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d90000 | 0x01d90000 | 0x01d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001da0000 | 0x01da0000 | 0x01da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001db0000 | 0x01db0000 | 0x01db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001dc0000 | 0x01dc0000 | 0x01dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001dd0000 | 0x01dd0000 | 0x01dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001de0000 | 0x01de0000 | 0x01de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001df0000 | 0x01df0000 | 0x01df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e00000 | 0x01e00000 | 0x01e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e10000 | 0x01e10000 | 0x01e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e20000 | 0x01e20000 | 0x01e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e30000 | 0x01e30000 | 0x01e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e40000 | 0x01e40000 | 0x01e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e50000 | 0x01e50000 | 0x01e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e60000 | 0x01e60000 | 0x01e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e70000 | 0x01e70000 | 0x01e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e80000 | 0x01e80000 | 0x01e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e90000 | 0x01e90000 | 0x01e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ea0000 | 0x01ea0000 | 0x01ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001eb0000 | 0x01eb0000 | 0x01eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ec0000 | 0x01ec0000 | 0x01ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ed0000 | 0x01ed0000 | 0x01ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ee0000 | 0x01ee0000 | 0x01ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ef0000 | 0x01ef0000 | 0x01ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f00000 | 0x01f00000 | 0x01f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f10000 | 0x01f10000 | 0x01f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f20000 | 0x01f20000 | 0x01f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f30000 | 0x01f30000 | 0x01f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f40000 | 0x01f40000 | 0x01f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f50000 | 0x01f50000 | 0x01f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f60000 | 0x01f60000 | 0x01f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f70000 | 0x01f70000 | 0x01f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f80000 | 0x01f80000 | 0x01f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f90000 | 0x01f90000 | 0x01f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001fa0000 | 0x01fa0000 | 0x01fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001fb0000 | 0x01fb0000 | 0x01fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001fc0000 | 0x01fc0000 | 0x01fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001fd0000 | 0x01fd0000 | 0x01fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001fe0000 | 0x01fe0000 | 0x01fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ff0000 | 0x01ff0000 | 0x01ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002000000 | 0x02000000 | 0x02000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002010000 | 0x02010000 | 0x02010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002020000 | 0x02020000 | 0x02020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002030000 | 0x02030000 | 0x02030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002040000 | 0x02040000 | 0x02040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002050000 | 0x02050000 | 0x02050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002060000 | 0x02060000 | 0x02060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002070000 | 0x02070000 | 0x02070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002080000 | 0x02080000 | 0x02080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002090000 | 0x02090000 | 0x02090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000020a0000 | 0x020a0000 | 0x020a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000020b0000 | 0x020b0000 | 0x020b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000020c0000 | 0x020c0000 | 0x020c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000020d0000 | 0x020d0000 | 0x020d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000020e0000 | 0x020e0000 | 0x020e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000020f0000 | 0x020f0000 | 0x020f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002100000 | 0x02100000 | 0x02100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002110000 | 0x02110000 | 0x02110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002120000 | 0x02120000 | 0x02120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002130000 | 0x02130000 | 0x02130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002140000 | 0x02140000 | 0x02140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002150000 | 0x02150000 | 0x02150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002160000 | 0x02160000 | 0x02160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002170000 | 0x02170000 | 0x02170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002180000 | 0x02180000 | 0x02180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002190000 | 0x02190000 | 0x02190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000021a0000 | 0x021a0000 | 0x021a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000021b0000 | 0x021b0000 | 0x021b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000021c0000 | 0x021c0000 | 0x021c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000021d0000 | 0x021d0000 | 0x021d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000021e0000 | 0x021e0000 | 0x021e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000021f0000 | 0x021f0000 | 0x021f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002200000 | 0x02200000 | 0x02200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002210000 | 0x02210000 | 0x02210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002220000 | 0x02220000 | 0x02220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002230000 | 0x02230000 | 0x02230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002240000 | 0x02240000 | 0x02240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002250000 | 0x02250000 | 0x02250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002260000 | 0x02260000 | 0x02260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002270000 | 0x02270000 | 0x02270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002280000 | 0x02280000 | 0x02280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002290000 | 0x02290000 | 0x02290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000022a0000 | 0x022a0000 | 0x022a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000022b0000 | 0x022b0000 | 0x022b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000022c0000 | 0x022c0000 | 0x022c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000022d0000 | 0x022d0000 | 0x022d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000022e0000 | 0x022e0000 | 0x022e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000022f0000 | 0x022f0000 | 0x022f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002300000 | 0x02300000 | 0x02300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002310000 | 0x02310000 | 0x02310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002320000 | 0x02320000 | 0x02320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002330000 | 0x02330000 | 0x02330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002340000 | 0x02340000 | 0x02340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002350000 | 0x02350000 | 0x02350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002360000 | 0x02360000 | 0x02360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002370000 | 0x02370000 | 0x02370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002380000 | 0x02380000 | 0x02380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002390000 | 0x02390000 | 0x02390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000023a0000 | 0x023a0000 | 0x023a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000023b0000 | 0x023b0000 | 0x023b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000023c0000 | 0x023c0000 | 0x023c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000023d0000 | 0x023d0000 | 0x023d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000023e0000 | 0x023e0000 | 0x023e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000023f0000 | 0x023f0000 | 0x023f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002400000 | 0x02400000 | 0x02400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002410000 | 0x02410000 | 0x02410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002420000 | 0x02420000 | 0x02420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002430000 | 0x02430000 | 0x02430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002440000 | 0x02440000 | 0x02440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002450000 | 0x02450000 | 0x02450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002460000 | 0x02460000 | 0x02460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002470000 | 0x02470000 | 0x02470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002480000 | 0x02480000 | 0x02480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002490000 | 0x02490000 | 0x02490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000024a0000 | 0x024a0000 | 0x024a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000024b0000 | 0x024b0000 | 0x024b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000024c0000 | 0x024c0000 | 0x024c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000024d0000 | 0x024d0000 | 0x024d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000024e0000 | 0x024e0000 | 0x024e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000024f0000 | 0x024f0000 | 0x024f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002500000 | 0x02500000 | 0x02500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002510000 | 0x02510000 | 0x02510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002520000 | 0x02520000 | 0x02520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002530000 | 0x02530000 | 0x02530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002540000 | 0x02540000 | 0x02540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002550000 | 0x02550000 | 0x02550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002560000 | 0x02560000 | 0x02560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002570000 | 0x02570000 | 0x02570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002580000 | 0x02580000 | 0x02580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002590000 | 0x02590000 | 0x02590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000025a0000 | 0x025a0000 | 0x025a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000025b0000 | 0x025b0000 | 0x025b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000025c0000 | 0x025c0000 | 0x025c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000025d0000 | 0x025d0000 | 0x025d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000025e0000 | 0x025e0000 | 0x025e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000025f0000 | 0x025f0000 | 0x025f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002600000 | 0x02600000 | 0x02600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002610000 | 0x02610000 | 0x02610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002620000 | 0x02620000 | 0x02620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002630000 | 0x02630000 | 0x02630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002640000 | 0x02640000 | 0x02640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002650000 | 0x02650000 | 0x02650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002660000 | 0x02660000 | 0x02660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002670000 | 0x02670000 | 0x02670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002680000 | 0x02680000 | 0x02680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002690000 | 0x02690000 | 0x02690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000026a0000 | 0x026a0000 | 0x026a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000026b0000 | 0x026b0000 | 0x026b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000026c0000 | 0x026c0000 | 0x026c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000026d0000 | 0x026d0000 | 0x026d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000026e0000 | 0x026e0000 | 0x026e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000026f0000 | 0x026f0000 | 0x026f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002700000 | 0x02700000 | 0x02700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002710000 | 0x02710000 | 0x02710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002720000 | 0x02720000 | 0x02720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002730000 | 0x02730000 | 0x02730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002740000 | 0x02740000 | 0x02740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002750000 | 0x02750000 | 0x02750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002760000 | 0x02760000 | 0x02760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002770000 | 0x02770000 | 0x02770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002780000 | 0x02780000 | 0x02780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002790000 | 0x02790000 | 0x02790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000027a0000 | 0x027a0000 | 0x027a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000027b0000 | 0x027b0000 | 0x027b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000027c0000 | 0x027c0000 | 0x027c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000027d0000 | 0x027d0000 | 0x027d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000027e0000 | 0x027e0000 | 0x027e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000027f0000 | 0x027f0000 | 0x027f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002800000 | 0x02800000 | 0x02800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002810000 | 0x02810000 | 0x02810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002820000 | 0x02820000 | 0x02820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002830000 | 0x02830000 | 0x02830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002840000 | 0x02840000 | 0x02840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002850000 | 0x02850000 | 0x02850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002860000 | 0x02860000 | 0x02860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002870000 | 0x02870000 | 0x02870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002880000 | 0x02880000 | 0x02880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002890000 | 0x02890000 | 0x02890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000028a0000 | 0x028a0000 | 0x028a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000028b0000 | 0x028b0000 | 0x028b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000028c0000 | 0x028c0000 | 0x028c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000028d0000 | 0x028d0000 | 0x028d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000028e0000 | 0x028e0000 | 0x028e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000028f0000 | 0x028f0000 | 0x028f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002900000 | 0x02900000 | 0x02900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002910000 | 0x02910000 | 0x02910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002920000 | 0x02920000 | 0x02920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002930000 | 0x02930000 | 0x02930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002940000 | 0x02940000 | 0x02940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002950000 | 0x02950000 | 0x02950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002960000 | 0x02960000 | 0x02960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002970000 | 0x02970000 | 0x02970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002980000 | 0x02980000 | 0x02980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002990000 | 0x02990000 | 0x02990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000029a0000 | 0x029a0000 | 0x029a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000029b0000 | 0x029b0000 | 0x029b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000029c0000 | 0x029c0000 | 0x029c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000029d0000 | 0x029d0000 | 0x029d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000029e0000 | 0x029e0000 | 0x029e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000029f0000 | 0x029f0000 | 0x029f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a00000 | 0x02a00000 | 0x02a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a10000 | 0x02a10000 | 0x02a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a20000 | 0x02a20000 | 0x02a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a30000 | 0x02a30000 | 0x02a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a40000 | 0x02a40000 | 0x02a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a50000 | 0x02a50000 | 0x02a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a60000 | 0x02a60000 | 0x02a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a70000 | 0x02a70000 | 0x02a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a80000 | 0x02a80000 | 0x02a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a90000 | 0x02a90000 | 0x02a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002aa0000 | 0x02aa0000 | 0x02aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ab0000 | 0x02ab0000 | 0x02ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ac0000 | 0x02ac0000 | 0x02ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ad0000 | 0x02ad0000 | 0x02ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ae0000 | 0x02ae0000 | 0x02ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002af0000 | 0x02af0000 | 0x02af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b00000 | 0x02b00000 | 0x02b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b10000 | 0x02b10000 | 0x02b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b20000 | 0x02b20000 | 0x02b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b30000 | 0x02b30000 | 0x02b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b40000 | 0x02b40000 | 0x02b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b50000 | 0x02b50000 | 0x02b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b60000 | 0x02b60000 | 0x02b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b70000 | 0x02b70000 | 0x02b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b80000 | 0x02b80000 | 0x02b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b90000 | 0x02b90000 | 0x02b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ba0000 | 0x02ba0000 | 0x02ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002bb0000 | 0x02bb0000 | 0x02bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002bc0000 | 0x02bc0000 | 0x02bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002bd0000 | 0x02bd0000 | 0x02bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002be0000 | 0x02be0000 | 0x02be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002bf0000 | 0x02bf0000 | 0x02bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c00000 | 0x02c00000 | 0x02c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c10000 | 0x02c10000 | 0x02c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c20000 | 0x02c20000 | 0x02c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c30000 | 0x02c30000 | 0x02c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c40000 | 0x02c40000 | 0x02c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c50000 | 0x02c50000 | 0x02c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c60000 | 0x02c60000 | 0x02c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c70000 | 0x02c70000 | 0x02c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c80000 | 0x02c80000 | 0x02c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c90000 | 0x02c90000 | 0x02c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ca0000 | 0x02ca0000 | 0x02ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002cb0000 | 0x02cb0000 | 0x02cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002cc0000 | 0x02cc0000 | 0x02cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002cd0000 | 0x02cd0000 | 0x02cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ce0000 | 0x02ce0000 | 0x02ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002cf0000 | 0x02cf0000 | 0x02cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d00000 | 0x02d00000 | 0x02d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d10000 | 0x02d10000 | 0x02d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d20000 | 0x02d20000 | 0x02d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d30000 | 0x02d30000 | 0x02d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d40000 | 0x02d40000 | 0x02d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d50000 | 0x02d50000 | 0x02d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d60000 | 0x02d60000 | 0x02d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d70000 | 0x02d70000 | 0x02d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d80000 | 0x02d80000 | 0x02d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d90000 | 0x02d90000 | 0x02d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002da0000 | 0x02da0000 | 0x02da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002db0000 | 0x02db0000 | 0x02db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002dc0000 | 0x02dc0000 | 0x02dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002dd0000 | 0x02dd0000 | 0x02dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002de0000 | 0x02de0000 | 0x02de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002df0000 | 0x02df0000 | 0x02df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002e00000 | 0x02e00000 | 0x02e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002e10000 | 0x02e10000 | 0x02e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002e20000 | 0x02e20000 | 0x02e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002e30000 | 0x02e30000 | 0x02e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002e40000 | 0x02e40000 | 0x02e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002e50000 | 0x02e50000 | 0x02e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002e60000 | 0x02e60000 | 0x02e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002e70000 | 0x02e70000 | 0x02e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002e80000 | 0x02e80000 | 0x02e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002e90000 | 0x02e90000 | 0x02e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ea0000 | 0x02ea0000 | 0x02ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002eb0000 | 0x02eb0000 | 0x02eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ec0000 | 0x02ec0000 | 0x02ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ed0000 | 0x02ed0000 | 0x02ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ee0000 | 0x02ee0000 | 0x02ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ef0000 | 0x02ef0000 | 0x02ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002f00000 | 0x02f00000 | 0x02f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002f10000 | 0x02f10000 | 0x02f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002f20000 | 0x02f20000 | 0x02f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002f30000 | 0x02f30000 | 0x02f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002f40000 | 0x02f40000 | 0x02f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002f50000 | 0x02f50000 | 0x02f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002f60000 | 0x02f60000 | 0x02f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002f70000 | 0x02f70000 | 0x02f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002f80000 | 0x02f80000 | 0x02f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002f90000 | 0x02f90000 | 0x02f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002fa0000 | 0x02fa0000 | 0x02fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002fb0000 | 0x02fb0000 | 0x02fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002fc0000 | 0x02fc0000 | 0x02fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002fd0000 | 0x02fd0000 | 0x02fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002fe0000 | 0x02fe0000 | 0x02fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ff0000 | 0x02ff0000 | 0x02ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003000000 | 0x03000000 | 0x03000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003010000 | 0x03010000 | 0x03010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003020000 | 0x03020000 | 0x03020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003030000 | 0x03030000 | 0x03030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003040000 | 0x03040000 | 0x03040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003050000 | 0x03050000 | 0x03050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003060000 | 0x03060000 | 0x03060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003070000 | 0x03070000 | 0x03070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003080000 | 0x03080000 | 0x03080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003090000 | 0x03090000 | 0x03090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000030a0000 | 0x030a0000 | 0x030a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000030b0000 | 0x030b0000 | 0x030b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000030c0000 | 0x030c0000 | 0x030c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000030d0000 | 0x030d0000 | 0x030d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000030e0000 | 0x030e0000 | 0x030e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000030f0000 | 0x030f0000 | 0x030f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003100000 | 0x03100000 | 0x03100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003110000 | 0x03110000 | 0x03110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003120000 | 0x03120000 | 0x03120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003130000 | 0x03130000 | 0x03130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003140000 | 0x03140000 | 0x03140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003150000 | 0x03150000 | 0x03150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003160000 | 0x03160000 | 0x03160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003170000 | 0x03170000 | 0x03170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003180000 | 0x03180000 | 0x03180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003190000 | 0x03190000 | 0x03190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000031a0000 | 0x031a0000 | 0x031a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000031b0000 | 0x031b0000 | 0x031b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000031c0000 | 0x031c0000 | 0x031c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000031d0000 | 0x031d0000 | 0x031d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000031e0000 | 0x031e0000 | 0x031e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000031f0000 | 0x031f0000 | 0x031f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003200000 | 0x03200000 | 0x03200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003210000 | 0x03210000 | 0x03210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003220000 | 0x03220000 | 0x03220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003230000 | 0x03230000 | 0x03230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003240000 | 0x03240000 | 0x03240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003250000 | 0x03250000 | 0x03250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003260000 | 0x03260000 | 0x03260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003270000 | 0x03270000 | 0x03270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003280000 | 0x03280000 | 0x03280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003290000 | 0x03290000 | 0x03290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000032a0000 | 0x032a0000 | 0x032a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000032b0000 | 0x032b0000 | 0x032b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000032c0000 | 0x032c0000 | 0x032c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000032d0000 | 0x032d0000 | 0x032d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000032e0000 | 0x032e0000 | 0x032e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000032f0000 | 0x032f0000 | 0x032f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003300000 | 0x03300000 | 0x03300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003310000 | 0x03310000 | 0x03310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003320000 | 0x03320000 | 0x03320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003330000 | 0x03330000 | 0x03330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003340000 | 0x03340000 | 0x03340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003350000 | 0x03350000 | 0x03350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003360000 | 0x03360000 | 0x03360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003370000 | 0x03370000 | 0x03370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003380000 | 0x03380000 | 0x03380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003390000 | 0x03390000 | 0x03390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000033a0000 | 0x033a0000 | 0x033a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000033b0000 | 0x033b0000 | 0x033b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000033c0000 | 0x033c0000 | 0x033c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000033d0000 | 0x033d0000 | 0x033d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000033e0000 | 0x033e0000 | 0x033e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000033f0000 | 0x033f0000 | 0x033f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003400000 | 0x03400000 | 0x03400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003410000 | 0x03410000 | 0x03410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003420000 | 0x03420000 | 0x03420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003430000 | 0x03430000 | 0x03430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003440000 | 0x03440000 | 0x03440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003450000 | 0x03450000 | 0x03450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003460000 | 0x03460000 | 0x03460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003470000 | 0x03470000 | 0x03470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003480000 | 0x03480000 | 0x03480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003490000 | 0x03490000 | 0x03490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000034a0000 | 0x034a0000 | 0x034a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000034b0000 | 0x034b0000 | 0x034b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000034c0000 | 0x034c0000 | 0x034c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000034d0000 | 0x034d0000 | 0x034d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000034e0000 | 0x034e0000 | 0x034e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000034f0000 | 0x034f0000 | 0x034f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003500000 | 0x03500000 | 0x03500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003510000 | 0x03510000 | 0x03510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003520000 | 0x03520000 | 0x03520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003530000 | 0x03530000 | 0x03530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003540000 | 0x03540000 | 0x03540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003550000 | 0x03550000 | 0x03550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003560000 | 0x03560000 | 0x03560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003570000 | 0x03570000 | 0x03570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003580000 | 0x03580000 | 0x03580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003590000 | 0x03590000 | 0x03590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000035a0000 | 0x035a0000 | 0x035a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000035b0000 | 0x035b0000 | 0x035b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000035c0000 | 0x035c0000 | 0x035c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000035d0000 | 0x035d0000 | 0x035d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000035e0000 | 0x035e0000 | 0x035e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000035f0000 | 0x035f0000 | 0x035f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003600000 | 0x03600000 | 0x03600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003610000 | 0x03610000 | 0x03610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003620000 | 0x03620000 | 0x03620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003630000 | 0x03630000 | 0x03630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003640000 | 0x03640000 | 0x03640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003650000 | 0x03650000 | 0x03650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003660000 | 0x03660000 | 0x03660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003670000 | 0x03670000 | 0x03670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003680000 | 0x03680000 | 0x03680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003690000 | 0x03690000 | 0x03690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000036a0000 | 0x036a0000 | 0x036a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000036b0000 | 0x036b0000 | 0x036b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000036c0000 | 0x036c0000 | 0x036c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000036d0000 | 0x036d0000 | 0x036d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000036e0000 | 0x036e0000 | 0x036e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000036f0000 | 0x036f0000 | 0x036f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003700000 | 0x03700000 | 0x03700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003710000 | 0x03710000 | 0x03710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003720000 | 0x03720000 | 0x03720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003730000 | 0x03730000 | 0x03730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003740000 | 0x03740000 | 0x03740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003750000 | 0x03750000 | 0x03750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003760000 | 0x03760000 | 0x03760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003770000 | 0x03770000 | 0x03770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003780000 | 0x03780000 | 0x03780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003790000 | 0x03790000 | 0x03790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000037a0000 | 0x037a0000 | 0x037a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000037b0000 | 0x037b0000 | 0x037b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000037c0000 | 0x037c0000 | 0x037c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000037d0000 | 0x037d0000 | 0x037d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000037e0000 | 0x037e0000 | 0x037e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000037f0000 | 0x037f0000 | 0x037f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003800000 | 0x03800000 | 0x03800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003810000 | 0x03810000 | 0x03810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003820000 | 0x03820000 | 0x03820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003830000 | 0x03830000 | 0x03830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003840000 | 0x03840000 | 0x03840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003850000 | 0x03850000 | 0x03850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003860000 | 0x03860000 | 0x03860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003870000 | 0x03870000 | 0x03870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003880000 | 0x03880000 | 0x03880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003890000 | 0x03890000 | 0x03890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000038a0000 | 0x038a0000 | 0x038a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000038b0000 | 0x038b0000 | 0x038b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000038c0000 | 0x038c0000 | 0x038c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000038d0000 | 0x038d0000 | 0x038d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000038e0000 | 0x038e0000 | 0x038e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000038f0000 | 0x038f0000 | 0x038f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003900000 | 0x03900000 | 0x03900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003910000 | 0x03910000 | 0x03910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003920000 | 0x03920000 | 0x03920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003930000 | 0x03930000 | 0x03930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003940000 | 0x03940000 | 0x03940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003950000 | 0x03950000 | 0x03950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003960000 | 0x03960000 | 0x03960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003970000 | 0x03970000 | 0x03970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003980000 | 0x03980000 | 0x03980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003990000 | 0x03990000 | 0x03990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000039a0000 | 0x039a0000 | 0x039a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000039b0000 | 0x039b0000 | 0x039b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000039c0000 | 0x039c0000 | 0x039c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000039d0000 | 0x039d0000 | 0x039d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000039e0000 | 0x039e0000 | 0x039e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000039f0000 | 0x039f0000 | 0x039f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003a00000 | 0x03a00000 | 0x03a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003a10000 | 0x03a10000 | 0x03a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003a20000 | 0x03a20000 | 0x03a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003a30000 | 0x03a30000 | 0x03a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003a40000 | 0x03a40000 | 0x03a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003a50000 | 0x03a50000 | 0x03a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003a60000 | 0x03a60000 | 0x03a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003a70000 | 0x03a70000 | 0x03a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003a80000 | 0x03a80000 | 0x03a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003a90000 | 0x03a90000 | 0x03a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003aa0000 | 0x03aa0000 | 0x03aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003ab0000 | 0x03ab0000 | 0x03ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003ac0000 | 0x03ac0000 | 0x03ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003ad0000 | 0x03ad0000 | 0x03ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003ae0000 | 0x03ae0000 | 0x03ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003af0000 | 0x03af0000 | 0x03af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003b00000 | 0x03b00000 | 0x03b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003b10000 | 0x03b10000 | 0x03b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003b20000 | 0x03b20000 | 0x03b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003b30000 | 0x03b30000 | 0x03b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003b40000 | 0x03b40000 | 0x03b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003b50000 | 0x03b50000 | 0x03b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003b60000 | 0x03b60000 | 0x03b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003b70000 | 0x03b70000 | 0x03b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003b80000 | 0x03b80000 | 0x03b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003b90000 | 0x03b90000 | 0x03b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003ba0000 | 0x03ba0000 | 0x03ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003bb0000 | 0x03bb0000 | 0x03bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003bc0000 | 0x03bc0000 | 0x03bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003bd0000 | 0x03bd0000 | 0x03bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003be0000 | 0x03be0000 | 0x03be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003bf0000 | 0x03bf0000 | 0x03bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003c00000 | 0x03c00000 | 0x03c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003c10000 | 0x03c10000 | 0x03c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003c20000 | 0x03c20000 | 0x03c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003c30000 | 0x03c30000 | 0x03c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003c40000 | 0x03c40000 | 0x03c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003c50000 | 0x03c50000 | 0x03c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003c60000 | 0x03c60000 | 0x03c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003c70000 | 0x03c70000 | 0x03c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003c80000 | 0x03c80000 | 0x03c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003c90000 | 0x03c90000 | 0x03c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003ca0000 | 0x03ca0000 | 0x03ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003cb0000 | 0x03cb0000 | 0x03cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003cc0000 | 0x03cc0000 | 0x03cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003cd0000 | 0x03cd0000 | 0x03cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003ce0000 | 0x03ce0000 | 0x03ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003cf0000 | 0x03cf0000 | 0x03cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003d00000 | 0x03d00000 | 0x03d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003d10000 | 0x03d10000 | 0x03d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003d20000 | 0x03d20000 | 0x03d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003d30000 | 0x03d30000 | 0x03d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003d40000 | 0x03d40000 | 0x03d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003d50000 | 0x03d50000 | 0x03d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003d60000 | 0x03d60000 | 0x03d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003d70000 | 0x03d70000 | 0x03d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003d80000 | 0x03d80000 | 0x03d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003d90000 | 0x03d90000 | 0x03d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003da0000 | 0x03da0000 | 0x03da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003db0000 | 0x03db0000 | 0x03db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003dc0000 | 0x03dc0000 | 0x03dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003dd0000 | 0x03dd0000 | 0x03dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003de0000 | 0x03de0000 | 0x03de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003df0000 | 0x03df0000 | 0x03df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003e00000 | 0x03e00000 | 0x03e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003e10000 | 0x03e10000 | 0x03e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003e20000 | 0x03e20000 | 0x03e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003e30000 | 0x03e30000 | 0x03e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003e40000 | 0x03e40000 | 0x03e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003e50000 | 0x03e50000 | 0x03e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003e60000 | 0x03e60000 | 0x03e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003e70000 | 0x03e70000 | 0x03e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003e80000 | 0x03e80000 | 0x03e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003e90000 | 0x03e90000 | 0x03e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003ea0000 | 0x03ea0000 | 0x03ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003eb0000 | 0x03eb0000 | 0x03eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003ec0000 | 0x03ec0000 | 0x03ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003ed0000 | 0x03ed0000 | 0x03ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003ee0000 | 0x03ee0000 | 0x03ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003ef0000 | 0x03ef0000 | 0x03ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003f00000 | 0x03f00000 | 0x03f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003f10000 | 0x03f10000 | 0x03f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003f20000 | 0x03f20000 | 0x03f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003f30000 | 0x03f30000 | 0x03f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003f40000 | 0x03f40000 | 0x03f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003f50000 | 0x03f50000 | 0x03f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003f60000 | 0x03f60000 | 0x03f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003f70000 | 0x03f70000 | 0x03f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003f80000 | 0x03f80000 | 0x03f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003f90000 | 0x03f90000 | 0x03f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003fa0000 | 0x03fa0000 | 0x03fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003fb0000 | 0x03fb0000 | 0x03fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003fc0000 | 0x03fc0000 | 0x03fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003fd0000 | 0x03fd0000 | 0x03fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003fe0000 | 0x03fe0000 | 0x03fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003ff0000 | 0x03ff0000 | 0x03ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004000000 | 0x04000000 | 0x04000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004010000 | 0x04010000 | 0x04010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004020000 | 0x04020000 | 0x04020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004030000 | 0x04030000 | 0x04030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004040000 | 0x04040000 | 0x04040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004050000 | 0x04050000 | 0x04050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004060000 | 0x04060000 | 0x04060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004070000 | 0x04070000 | 0x04070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004080000 | 0x04080000 | 0x04080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004090000 | 0x04090000 | 0x04090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000040a0000 | 0x040a0000 | 0x040a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000040b0000 | 0x040b0000 | 0x040b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000040c0000 | 0x040c0000 | 0x040c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000040d0000 | 0x040d0000 | 0x040d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000040e0000 | 0x040e0000 | 0x040e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000040f0000 | 0x040f0000 | 0x040f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004100000 | 0x04100000 | 0x04100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004110000 | 0x04110000 | 0x04110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004120000 | 0x04120000 | 0x04120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004130000 | 0x04130000 | 0x04130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004140000 | 0x04140000 | 0x04140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004150000 | 0x04150000 | 0x04150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004160000 | 0x04160000 | 0x04160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000004170000 | 0x04170000 | 0x04170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f3e5000 | 0x7f3e5000 | 0x7f3e5fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x00000031a6240000 | 0x31a6240000 | 0x31a625ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000031a6260000 | 0x31a6260000 | 0x31a6273fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000031a6280000 | 0x31a6280000 | 0x31a637ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000031a6380000 | 0x31a6380000 | 0x31a6383fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x00000031a6390000 | 0x31a6390000 | 0x31a6390fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000031a63a0000 | 0x31a63a0000 | 0x31a63a1fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff420000 | 0x7df5ff420000 | 0x7ff5ff41ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fd2d0000 | 0x7ff7fd2d0000 | 0x7ff7fd2f2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fd2fa000 | 0x7ff7fd2fa000 | 0x7ff7fd2fafff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fd2fe000 | 0x7ff7fd2fe000 | 0x7ff7fd2fffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x240000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x250000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x260000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x270000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x280000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x290000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2b0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2f0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x300000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x310000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x320000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x330000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x340000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x350000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x360000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x370000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x380000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x390000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3b0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3f0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x400000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x410000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x420000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x430000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x440000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x450000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x460000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x470000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x480000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x490000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x4a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x4b0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x4c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x4d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x4e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x4f0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x500000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x510000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x520000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x530000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x540000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x550000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x560000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x570000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x580000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x590000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x5a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x5b0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x5c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x5d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x5e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x5f0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x600000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x610000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x620000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x630000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x640000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x650000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x660000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x670000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x680000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x690000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x6a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x6b0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x6c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x6d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x6e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x6f0000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x700000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x710000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x720000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x730000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x740000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x750000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x760000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x770000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x780000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x790000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x7a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x7b0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x7c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x7d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x7e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x7f0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x800000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x810000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x820000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x830000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x840000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x850000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x860000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x870000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x880000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x890000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x8a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x8b0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x8c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x8d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x8e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x8f0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x900000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x910000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x920000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x930000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x940000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x950000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x960000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x970000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x980000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x990000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x9a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x9b0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x9c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x9d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x9e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x9f0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xa00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xa10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xa20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xa30000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xa40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xa50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xa60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xa70000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xa80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xa90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xaa0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xab0000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xac0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xad0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xae0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xaf0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xb00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xb10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xb20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xb30000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xb40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xb50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xb60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xb70000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xb80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xb90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xba0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xbc0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xbd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xbf0000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xc00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xc10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xc20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xc30000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xc40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xc50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xc60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xc70000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xc80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xc90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xca0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xcb0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xcc0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xcd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xce0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xcf0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xd00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xd10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xd20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xd30000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xd40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xd50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xd60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xd70000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xd80000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xd90000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xda0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xdb0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xdc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xdd0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xde0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xdf0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xe00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xe10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xe20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xe30000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xe40000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xe50000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xe60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xe70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xe80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xe90000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xea0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xeb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xed0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xee0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xef0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xf10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xf20000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xf40000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xf50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xf60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xf70000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xf80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xf90000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xfa0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xfb0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xfc0000, size = 18 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xfd0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xfe0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0xff0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1000000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1010000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1020000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1030000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1040000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1050000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1060000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1070000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1080000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1090000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x10a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x10b0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x10c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x10d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x10e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x10f0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1100000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1110000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1120000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1130000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1140000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1150000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1160000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1170000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1180000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1190000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x11a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x11b0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x11c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x11d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x11e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x11f0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1200000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1210000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1220000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1230000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1240000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1250000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1260000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1270000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1280000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1290000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x12a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x12b0000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x12c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x12d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x12e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x12f0000, size = 22 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1310000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1320000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1330000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1340000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1350000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1360000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1370000, size = 22 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1380000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1390000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x13a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x13b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x13c0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x13d0000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x13e0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x13f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1400000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1410000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1420000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1430000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1440000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1450000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1460000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1470000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1480000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1490000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x14a0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x14b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x14c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x14d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x14e0000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x14f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1500000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1510000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1520000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1530000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1540000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1550000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1560000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1570000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1580000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1590000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x15a0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x15b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x15c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x15d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x15e0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x15f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1600000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1610000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1620000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1630000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1640000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1650000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1660000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1670000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1680000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1690000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x16a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x16b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x16c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x16d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x16e0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x16f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1700000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1710000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1720000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1730000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1740000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1750000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1760000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1770000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1780000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1790000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x17a0000, size = 6 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x17b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x17c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x17d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x17e0000, size = 18 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x17f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1800000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1820000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1830000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1840000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1860000, size = 24 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1870000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1880000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1890000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x18a0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x18b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x18c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x18d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x18e0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x18f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1900000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1910000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1920000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1930000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1940000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1950000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1960000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1970000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1980000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1990000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x19a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x19b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x19c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x19d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x19e0000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x19f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1a00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1a10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1a20000, size = 18 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1a30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1a40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1a50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1a60000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1a70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1a80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1a90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1aa0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1ab0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1ac0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1ad0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1ae0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1af0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1b00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1b10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1b20000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1b30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1b40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1b50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1b60000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1b70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1b80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1b90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1ba0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1bb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1bc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1bd0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1be0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1bf0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1c00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1c20000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1c30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1c40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1c60000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1c70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1c80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1ca0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1cc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1cd0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1ce0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1cf0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1d00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1d10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1d20000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1d30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1d40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1d50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1d60000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1d70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1d80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1d90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1da0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1db0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1dc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1dd0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1de0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1df0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1e00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1e10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1e20000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1e30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1e40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1e50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1e60000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1e70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1e80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1e90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1ea0000, size = 22 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1eb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1ec0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1ee0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1ef0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1f00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1f20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1f30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1f40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1f50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1f60000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1f70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1f80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1f90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1fa0000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1fc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1fd0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1fe0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x1ff0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2000000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2010000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2020000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2030000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2040000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2050000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2060000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2070000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2080000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2090000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x20a0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x20b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x20c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x20d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x20e0000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x20f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2100000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2110000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2120000, size = 24 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2130000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2140000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2150000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2160000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2170000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2180000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2190000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x21a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x21b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x21c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x21d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x21e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x21f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2200000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2210000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2220000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2230000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2240000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2250000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2260000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2270000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2280000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2290000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x22a0000, size = 18 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x22b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x22c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x22d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x22e0000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x22f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2300000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2310000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2320000, size = 24 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2330000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2340000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2350000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2360000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2370000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2380000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2390000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x23a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x23b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x23c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x23d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x23e0000, size = 18 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x23f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2400000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2420000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2430000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2440000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2450000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2460000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2470000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2480000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2490000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x24a0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x24b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x24c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x24d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x24e0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x24f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2500000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2510000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2520000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2530000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2540000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2550000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2560000, size = 24 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2570000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2580000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2590000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x25a0000, size = 22 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x25b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x25c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x25d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x25e0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x25f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2600000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2610000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2620000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2630000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2640000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2650000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2660000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2670000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2680000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2690000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x26a0000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x26b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x26c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x26d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x26e0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x26f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2700000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2710000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2720000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2730000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2740000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2750000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2760000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2770000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2780000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x27a0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x27b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x27c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x27d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x27e0000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x27f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2800000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2810000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2820000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2830000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2840000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2850000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2860000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2870000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2880000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2890000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x28a0000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x28b0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x28c0000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x28d0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x28e0000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x28f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2900000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2910000, size = 18 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2920000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2930000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2940000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2950000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2960000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2970000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2980000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2990000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x29a0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x29b0000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x29c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x29d0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x29e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x29f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2a00000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2a10000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2a20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2a30000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2a40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2a50000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2a60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2a70000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2a80000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2a90000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2aa0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2ab0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2ac0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2ad0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2ae0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2b00000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2b10000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2b30000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2b40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2b50000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2b60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2b70000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2b80000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2b90000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2ba0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2bb0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2bc0000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2bd0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2be0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2bf0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2c00000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2c10000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2c20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2c30000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2c40000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2c50000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2c60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2c70000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2c80000, size = 23 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2c90000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2ca0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2cb0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2cc0000, size = 7 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2cd0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2cf0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2d00000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2d10000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2d20000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2d30000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2d40000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2d50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2d60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2d70000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2d80000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2d90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2da0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2db0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2dc0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2dd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2de0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2df0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2e00000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2e10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2e20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2e30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2e40000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2e50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2e60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2e70000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2e80000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2e90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2ea0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2eb0000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2ec0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2ed0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2ee0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2ef0000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2f00000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2f10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2f20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2f30000, size = 22 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2f40000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2f50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2f60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2f70000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2f80000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2f90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2fa0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2fb0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2fc0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2fd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2fe0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x2ff0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3000000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3010000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3020000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3030000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3040000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3050000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3060000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3070000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3080000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3090000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x30a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x30b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x30c0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x30d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x30e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x30f0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3100000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3110000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3120000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3130000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3140000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3150000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3160000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3170000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3180000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3190000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x31a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x31b0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x31c0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x31d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x31e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x31f0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3200000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3210000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3220000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3230000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3240000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3250000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3260000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3270000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3280000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3290000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x32a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x32b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x32c0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x32d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x32e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x32f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3300000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3310000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3320000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3330000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3340000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3350000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3360000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3370000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3380000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3390000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x33a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x33b0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x33c0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x33d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x33e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x33f0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3400000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3410000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3420000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3430000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3440000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3450000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3460000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3470000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3480000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3490000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x34b0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x34c0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x34d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x34f0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3500000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3510000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3530000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3540000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3550000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3560000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3570000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3580000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3590000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x35a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x35b0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x35c0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x35d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x35e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x35f0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3600000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3610000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3620000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3630000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3640000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3650000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3660000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3670000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3680000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3690000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x36a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x36b0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x36c0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x36d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x36e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x36f0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3700000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3710000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3720000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3730000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3740000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3750000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3760000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3770000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3780000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3790000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x37a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x37b0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x37c0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x37d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x37e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x37f0000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3800000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3810000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3820000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3830000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3840000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3850000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3860000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3870000, size = 23 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3880000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3890000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x38a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x38b0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x38c0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x38d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x38f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3900000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3910000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3930000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3940000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3950000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3970000, size = 6 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3980000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3990000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x39b0000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x39c0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x39d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x39f0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3a00000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3a10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3a30000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3a40000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3a50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3a70000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3a80000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3a90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3ab0000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3ac0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3ad0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3af0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3b00000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3b20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3b30000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3b40000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3b50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3b60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3b70000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3b80000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3b90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3ba0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3bb0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3bc0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3bd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3be0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3bf0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3c00000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3c10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3c20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3c30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3c40000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3c50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3c60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3c70000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3c80000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3c90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3ca0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3cb0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3cc0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3cd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3ce0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3cf0000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3d00000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3d10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3d20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3d30000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3d40000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3d50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3d60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3d70000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3d80000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3d90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3da0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3db0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3dc0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3dd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3de0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3df0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3e00000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3e10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3e20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3e30000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3e40000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3e50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3e60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3e70000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3e80000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3e90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3ea0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3eb0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3ec0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3ed0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3ee0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3ef0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3f00000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3f10000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3f20000, size = 24 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3f30000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3f50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3f60000, size = 26 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3f70000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3f80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3f90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3fa0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3fb0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3fc0000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3fd0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3fe0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x3ff0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x4000000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x4010000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x4020000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x4030000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x4040000, size = 18 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x4050000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x4060000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x4070000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x4080000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x4090000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x40a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x40b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x40c0000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x40d0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x40e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x40f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x4100000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x4110000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x4120000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x4130000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x4140000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x4150000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x4160000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11b0 | address = 0x4170000, size = 142 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #7 / 0x11c8 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:01:13, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:22 |
| OS Thread IDs | #421 0x11CC #422 0x11D0 |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Private Memory | Readable, Writable | | | | |
| private_0x00000000001c0000 | 0x001c0000 | 0x001fffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000200000 | 0x00200000 | 0x00200fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000250000 | 0x00250000 | 0x0025ffff | Private Memory | Readable, Writable | | | | |
| locale.nls | 0x00260000 | 0x0031dfff | Memory Mapped File | Readable | | | | |
| private_0x00000000003e0000 | 0x003e0000 | 0x003effff | Private Memory | Readable, Writable | | | | |
| svhost.exe | 0x00400000 | 0x0057afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x0000000000670000 | 0x00670000 | 0x0076ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000770000 | 0x00770000 | 0x0086ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000870000 | 0x00870000 | 0x009f7fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000a00000 | 0x00a00000 | 0x00b80fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000b90000 | 0x00b90000 | 0x01f8ffff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000002060000 | 0x02060000 | 0x0215ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000002160000 | 0x02160000 | 0x0225ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | - | | | | |
| wow64.dll | 0x53cc0000 | 0x53d0efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64cpu.dll | 0x53d10000 | 0x53d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64win.dll | 0x53d20000 | 0x53d92fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntmarta.dll | 0x74ca0000 | 0x74cc7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasman.dll | 0x74cd0000 | 0x74cf2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasapi32.dll | 0x74d00000 | 0x74da3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pstorec.dll | 0x74db0000 | 0x74db7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| apphelp.dll | 0x74dc0000 | 0x74e50fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bcryptprimitives.dll | 0x74e60000 | 0x74eb8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cryptbase.dll | 0x74ec0000 | 0x74ec9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sspicli.dll | 0x74ed0000 | 0x74eedfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcrt.dll | 0x74ef0000 | 0x74fadfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| advapi32.dll | 0x74fb0000 | 0x7502afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| oleaut32.dll | 0x75030000 | 0x750c1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| powrprof.dll | 0x75280000 | 0x752c3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| KernelBase.dll | 0x752e0000 | 0x75455fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| imm32.dll | 0x75460000 | 0x7548afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| combase.dll | 0x75490000 | 0x75649fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel32.dll | 0x75650000 | 0x7573ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| gdi32.dll | 0x75790000 | 0x758dcfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SHCore.dll | 0x75aa0000 | 0x75b2cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| crypt32.dll | 0x75bf0000 | 0x75d64fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| profapi.dll | 0x75d70000 | 0x75d7efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msasn1.dll | 0x75d80000 | 0x75d8dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msctf.dll | 0x75d90000 | 0x75eaffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sechost.dll | 0x75eb0000 | 0x75ef2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| user32.dll | 0x75f10000 | 0x7604ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel.appcore.dll | 0x76290000 | 0x7629bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shlwapi.dll | 0x762a0000 | 0x762e3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| windows.storage.dll | 0x76380000 | 0x7685cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rpcrt4.dll | 0x76860000 | 0x7690bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shell32.dll | 0x76910000 | 0x77ccefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ole32.dll | 0x77cd0000 | 0x77db9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x77dc0000 | 0x77f38fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffb1ddcffff | Private Memory | Readable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x00007ffb1df92000 | 0x7ffb1df92000 | 0x7ffffffeffff | Private Memory | Readable | | | | |
| Category | Operation | Information | Success | Count | Logfile | |
|---|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | ||
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | ||
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | ||
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | ||
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | ||
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | ||
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | ||
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | ||
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | ||
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x11c8 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | ||
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | ||
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | ||
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | ||
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | ||
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | ||
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | ||
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | ||
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | ||
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | ||
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x11dc, os_pid = 0x11d8, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | ||
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | ||
| MEM | ALLOC | address = 0x280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x2a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x2a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 210 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x11d8, proc_address = 0x2a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x2b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x2b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 19 | | 1 | ||
| MEM | ALLOC | address = 0x2c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x2c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x2d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x2d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x2e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x2e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x2e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x2f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x2f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 21 | | 1 | ||
| MEM | ALLOC | address = 0x300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x320000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 21 | | 1 | ||
| MEM | ALLOC | address = 0x340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x360000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x3a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x3a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x3a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x3b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x3b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x3c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x3c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x3d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x3d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x3e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x3e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x3e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x3f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x3f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 9 | | 1 | ||
| MEM | ALLOC | address = 0x400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x420000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0x440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x460000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x4a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x4a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x4a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x4b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x4b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 16 | | 1 | ||
| MEM | ALLOC | address = 0x4c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x4c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x4d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x4d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x4e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x4e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x4e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x4f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x4f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 16 | | 1 | ||
| MEM | ALLOC | address = 0x500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x520000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x560000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x5a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x5a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x5a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x5b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x5b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x5c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x5c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x5d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x5d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x5e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x5e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x5e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x5f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x5f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x620000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x660000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x6a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x6e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x720000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 25 | | 1 | ||
| MEM | ALLOC | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x760000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x7a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x7b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x7c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x7d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x7e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x7e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x7f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x820000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 9 | | 1 | ||
| MEM | ALLOC | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x860000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x8a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x8e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x920000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x960000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x9a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x9e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0xa20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 16 | | 1 | ||
| MEM | ALLOC | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0xa60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0xaa0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0xae0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 8, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 8 | | 1 | ||
| MEM | ALLOC | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0xb20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 9 | | 1 | ||
| MEM | ALLOC | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0xb60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0xba0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 11 | | 1 | ||
| MEM | ALLOC | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0xbe0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 17, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 17 | | 1 | ||
| MEM | ALLOC | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0xc20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 19 | | 1 | ||
| MEM | ALLOC | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0xc60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0xca0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 9 | | 1 | ||
| MEM | ALLOC | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0xce0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0xd20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0xd60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0xda0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | ||
| MEM | ALLOC | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 11 | | 1 | ||
| MEM | ALLOC | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 210 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x11d8, proc_address = 0xdd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 11 | | 1 | ||
| MEM | ALLOC | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0xe10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 11 | | 1 | ||
| MEM | ALLOC | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0xe50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | ||
| MEM | ALLOC | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 210 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x11d8, proc_address = 0xe80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 17, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 17 | | 1 | ||
| MEM | ALLOC | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0xec0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0xf00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0xf40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | ||
| MEM | ALLOC | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 210 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x11d8, proc_address = 0xf70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0xfb0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0xff0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 18, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 18 | | 1 | ||
| MEM | ALLOC | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x1030000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | ||
| MEM | ALLOC | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 210 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x11d8, proc_address = 0x1060000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x10a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 17, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 17 | | 1 | ||
| MEM | ALLOC | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x10e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x1120000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x1160000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x11a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d8, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d8, proc_address = 0x11e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| For performance reasons, the remaining 2168 entries are omitted. Click to download all 3168 entries as text file (2.68 MB). | ||||||
| Information | Value |
|---|---|
| ID / OS PID | #8 / 0x11d8 |
| OS Parent PID | 0x11c8 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:01:16, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:19 |
| OS Thread IDs | #423 0x11DC |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000280000 | 0x00280000 | 0x00280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000290000 | 0x00290000 | 0x00290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002a0000 | 0x002a0000 | 0x002a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002b0000 | 0x002b0000 | 0x002b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002c0000 | 0x002c0000 | 0x002c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002d0000 | 0x002d0000 | 0x002d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002e0000 | 0x002e0000 | 0x002e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002f0000 | 0x002f0000 | 0x002f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000300000 | 0x00300000 | 0x00300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000310000 | 0x00310000 | 0x00310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000320000 | 0x00320000 | 0x00320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000330000 | 0x00330000 | 0x00330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000340000 | 0x00340000 | 0x00340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000350000 | 0x00350000 | 0x00350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000360000 | 0x00360000 | 0x00360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000370000 | 0x00370000 | 0x00370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000380000 | 0x00380000 | 0x00380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000390000 | 0x00390000 | 0x00390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003a0000 | 0x003a0000 | 0x003a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003b0000 | 0x003b0000 | 0x003b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003c0000 | 0x003c0000 | 0x003c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003d0000 | 0x003d0000 | 0x003d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003e0000 | 0x003e0000 | 0x003e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003f0000 | 0x003f0000 | 0x003f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000400000 | 0x00400000 | 0x00400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000410000 | 0x00410000 | 0x00410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000420000 | 0x00420000 | 0x00420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000430000 | 0x00430000 | 0x00430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000440000 | 0x00440000 | 0x00440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000450000 | 0x00450000 | 0x00450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000460000 | 0x00460000 | 0x00460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000470000 | 0x00470000 | 0x00470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000480000 | 0x00480000 | 0x00480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000490000 | 0x00490000 | 0x00490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004a0000 | 0x004a0000 | 0x004a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004b0000 | 0x004b0000 | 0x004b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004c0000 | 0x004c0000 | 0x004c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004d0000 | 0x004d0000 | 0x004d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004e0000 | 0x004e0000 | 0x004e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004f0000 | 0x004f0000 | 0x004f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000500000 | 0x00500000 | 0x00500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000510000 | 0x00510000 | 0x00510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000520000 | 0x00520000 | 0x00520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000530000 | 0x00530000 | 0x00530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000540000 | 0x00540000 | 0x00540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000550000 | 0x00550000 | 0x00550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000560000 | 0x00560000 | 0x00560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000570000 | 0x00570000 | 0x00570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000580000 | 0x00580000 | 0x00580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000590000 | 0x00590000 | 0x00590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005a0000 | 0x005a0000 | 0x005a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005b0000 | 0x005b0000 | 0x005b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005c0000 | 0x005c0000 | 0x005c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005d0000 | 0x005d0000 | 0x005d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005e0000 | 0x005e0000 | 0x005e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005f0000 | 0x005f0000 | 0x005f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000600000 | 0x00600000 | 0x00600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000610000 | 0x00610000 | 0x00610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000620000 | 0x00620000 | 0x00620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000630000 | 0x00630000 | 0x00630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000640000 | 0x00640000 | 0x00640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000650000 | 0x00650000 | 0x00650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000660000 | 0x00660000 | 0x00660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000670000 | 0x00670000 | 0x00670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000680000 | 0x00680000 | 0x00680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000690000 | 0x00690000 | 0x00690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006a0000 | 0x006a0000 | 0x006a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006b0000 | 0x006b0000 | 0x006b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006c0000 | 0x006c0000 | 0x006c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006d0000 | 0x006d0000 | 0x006d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006e0000 | 0x006e0000 | 0x006e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006f0000 | 0x006f0000 | 0x006f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000700000 | 0x00700000 | 0x00700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000710000 | 0x00710000 | 0x00710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000720000 | 0x00720000 | 0x00720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000730000 | 0x00730000 | 0x00730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000740000 | 0x00740000 | 0x00740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000750000 | 0x00750000 | 0x00750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000760000 | 0x00760000 | 0x00760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000770000 | 0x00770000 | 0x00770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000780000 | 0x00780000 | 0x00780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000790000 | 0x00790000 | 0x00790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007a0000 | 0x007a0000 | 0x007a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007b0000 | 0x007b0000 | 0x007b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007c0000 | 0x007c0000 | 0x007c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007d0000 | 0x007d0000 | 0x007d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007e0000 | 0x007e0000 | 0x007e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007f0000 | 0x007f0000 | 0x007f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000800000 | 0x00800000 | 0x00800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000810000 | 0x00810000 | 0x00810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000820000 | 0x00820000 | 0x00820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000830000 | 0x00830000 | 0x00830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000840000 | 0x00840000 | 0x00840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000850000 | 0x00850000 | 0x00850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000860000 | 0x00860000 | 0x00860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000870000 | 0x00870000 | 0x00870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000880000 | 0x00880000 | 0x00880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000890000 | 0x00890000 | 0x00890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008a0000 | 0x008a0000 | 0x008a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008b0000 | 0x008b0000 | 0x008b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008c0000 | 0x008c0000 | 0x008c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008d0000 | 0x008d0000 | 0x008d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008e0000 | 0x008e0000 | 0x008e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008f0000 | 0x008f0000 | 0x008f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000900000 | 0x00900000 | 0x00900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000910000 | 0x00910000 | 0x00910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000920000 | 0x00920000 | 0x00920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000930000 | 0x00930000 | 0x00930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000940000 | 0x00940000 | 0x00940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000950000 | 0x00950000 | 0x00950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000960000 | 0x00960000 | 0x00960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000970000 | 0x00970000 | 0x00970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000980000 | 0x00980000 | 0x00980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000990000 | 0x00990000 | 0x00990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009a0000 | 0x009a0000 | 0x009a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009b0000 | 0x009b0000 | 0x009b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009c0000 | 0x009c0000 | 0x009c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009d0000 | 0x009d0000 | 0x009d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009e0000 | 0x009e0000 | 0x009e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009f0000 | 0x009f0000 | 0x009f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a00000 | 0x00a00000 | 0x00a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a10000 | 0x00a10000 | 0x00a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a20000 | 0x00a20000 | 0x00a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a30000 | 0x00a30000 | 0x00a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a40000 | 0x00a40000 | 0x00a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a50000 | 0x00a50000 | 0x00a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a60000 | 0x00a60000 | 0x00a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a70000 | 0x00a70000 | 0x00a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a80000 | 0x00a80000 | 0x00a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a90000 | 0x00a90000 | 0x00a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000aa0000 | 0x00aa0000 | 0x00aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ab0000 | 0x00ab0000 | 0x00ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ac0000 | 0x00ac0000 | 0x00ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ad0000 | 0x00ad0000 | 0x00ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ae0000 | 0x00ae0000 | 0x00ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000af0000 | 0x00af0000 | 0x00af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b00000 | 0x00b00000 | 0x00b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b10000 | 0x00b10000 | 0x00b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b20000 | 0x00b20000 | 0x00b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b30000 | 0x00b30000 | 0x00b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b40000 | 0x00b40000 | 0x00b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b50000 | 0x00b50000 | 0x00b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b60000 | 0x00b60000 | 0x00b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b70000 | 0x00b70000 | 0x00b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b80000 | 0x00b80000 | 0x00b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b90000 | 0x00b90000 | 0x00b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ba0000 | 0x00ba0000 | 0x00ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bb0000 | 0x00bb0000 | 0x00bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bc0000 | 0x00bc0000 | 0x00bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bd0000 | 0x00bd0000 | 0x00bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000be0000 | 0x00be0000 | 0x00be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bf0000 | 0x00bf0000 | 0x00bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c00000 | 0x00c00000 | 0x00c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c10000 | 0x00c10000 | 0x00c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c20000 | 0x00c20000 | 0x00c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c30000 | 0x00c30000 | 0x00c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c40000 | 0x00c40000 | 0x00c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c50000 | 0x00c50000 | 0x00c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c60000 | 0x00c60000 | 0x00c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c70000 | 0x00c70000 | 0x00c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c80000 | 0x00c80000 | 0x00c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c90000 | 0x00c90000 | 0x00c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ca0000 | 0x00ca0000 | 0x00ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cb0000 | 0x00cb0000 | 0x00cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cc0000 | 0x00cc0000 | 0x00cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cd0000 | 0x00cd0000 | 0x00cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ce0000 | 0x00ce0000 | 0x00ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cf0000 | 0x00cf0000 | 0x00cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d00000 | 0x00d00000 | 0x00d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d10000 | 0x00d10000 | 0x00d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d20000 | 0x00d20000 | 0x00d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d30000 | 0x00d30000 | 0x00d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d40000 | 0x00d40000 | 0x00d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d50000 | 0x00d50000 | 0x00d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d60000 | 0x00d60000 | 0x00d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d70000 | 0x00d70000 | 0x00d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d80000 | 0x00d80000 | 0x00d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d90000 | 0x00d90000 | 0x00d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000da0000 | 0x00da0000 | 0x00da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000db0000 | 0x00db0000 | 0x00db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dc0000 | 0x00dc0000 | 0x00dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dd0000 | 0x00dd0000 | 0x00dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000de0000 | 0x00de0000 | 0x00de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000df0000 | 0x00df0000 | 0x00df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e00000 | 0x00e00000 | 0x00e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e10000 | 0x00e10000 | 0x00e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e20000 | 0x00e20000 | 0x00e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e30000 | 0x00e30000 | 0x00e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e40000 | 0x00e40000 | 0x00e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e50000 | 0x00e50000 | 0x00e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e60000 | 0x00e60000 | 0x00e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e70000 | 0x00e70000 | 0x00e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e80000 | 0x00e80000 | 0x00e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e90000 | 0x00e90000 | 0x00e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ea0000 | 0x00ea0000 | 0x00ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000eb0000 | 0x00eb0000 | 0x00eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ec0000 | 0x00ec0000 | 0x00ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ed0000 | 0x00ed0000 | 0x00ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ee0000 | 0x00ee0000 | 0x00ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ef0000 | 0x00ef0000 | 0x00ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f00000 | 0x00f00000 | 0x00f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f10000 | 0x00f10000 | 0x00f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f20000 | 0x00f20000 | 0x00f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f30000 | 0x00f30000 | 0x00f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f40000 | 0x00f40000 | 0x00f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f50000 | 0x00f50000 | 0x00f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f60000 | 0x00f60000 | 0x00f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f70000 | 0x00f70000 | 0x00f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f80000 | 0x00f80000 | 0x00f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f90000 | 0x00f90000 | 0x00f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fa0000 | 0x00fa0000 | 0x00fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fb0000 | 0x00fb0000 | 0x00fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fc0000 | 0x00fc0000 | 0x00fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fd0000 | 0x00fd0000 | 0x00fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fe0000 | 0x00fe0000 | 0x00fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ff0000 | 0x00ff0000 | 0x00ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001000000 | 0x01000000 | 0x01000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001010000 | 0x01010000 | 0x01010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001020000 | 0x01020000 | 0x01020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001030000 | 0x01030000 | 0x01030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001040000 | 0x01040000 | 0x01040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001050000 | 0x01050000 | 0x01050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001060000 | 0x01060000 | 0x01060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001070000 | 0x01070000 | 0x01070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001080000 | 0x01080000 | 0x01080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001090000 | 0x01090000 | 0x01090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010a0000 | 0x010a0000 | 0x010a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010b0000 | 0x010b0000 | 0x010b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010c0000 | 0x010c0000 | 0x010c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010d0000 | 0x010d0000 | 0x010d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010e0000 | 0x010e0000 | 0x010e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010f0000 | 0x010f0000 | 0x010f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001100000 | 0x01100000 | 0x01100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001110000 | 0x01110000 | 0x01110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001120000 | 0x01120000 | 0x01120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001130000 | 0x01130000 | 0x01130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001140000 | 0x01140000 | 0x01140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001150000 | 0x01150000 | 0x01150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001160000 | 0x01160000 | 0x01160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001170000 | 0x01170000 | 0x01170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001180000 | 0x01180000 | 0x01180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001190000 | 0x01190000 | 0x01190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011a0000 | 0x011a0000 | 0x011a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011b0000 | 0x011b0000 | 0x011b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011c0000 | 0x011c0000 | 0x011c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011d0000 | 0x011d0000 | 0x011d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011e0000 | 0x011e0000 | 0x011e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011f0000 | 0x011f0000 | 0x011f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001200000 | 0x01200000 | 0x01200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001210000 | 0x01210000 | 0x01210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001220000 | 0x01220000 | 0x01220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001230000 | 0x01230000 | 0x01230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001240000 | 0x01240000 | 0x01240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001250000 | 0x01250000 | 0x01250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001260000 | 0x01260000 | 0x01260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001270000 | 0x01270000 | 0x01270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001280000 | 0x01280000 | 0x01280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001290000 | 0x01290000 | 0x01290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012a0000 | 0x012a0000 | 0x012a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012b0000 | 0x012b0000 | 0x012b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012c0000 | 0x012c0000 | 0x012c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012d0000 | 0x012d0000 | 0x012d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012e0000 | 0x012e0000 | 0x012e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012f0000 | 0x012f0000 | 0x012f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001300000 | 0x01300000 | 0x01300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001310000 | 0x01310000 | 0x01310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001320000 | 0x01320000 | 0x01320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001330000 | 0x01330000 | 0x01330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001340000 | 0x01340000 | 0x01340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001350000 | 0x01350000 | 0x01350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001360000 | 0x01360000 | 0x01360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001370000 | 0x01370000 | 0x01370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001380000 | 0x01380000 | 0x01380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001390000 | 0x01390000 | 0x01390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013a0000 | 0x013a0000 | 0x013a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013b0000 | 0x013b0000 | 0x013b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013c0000 | 0x013c0000 | 0x013c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013d0000 | 0x013d0000 | 0x013d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013e0000 | 0x013e0000 | 0x013e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013f0000 | 0x013f0000 | 0x013f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001400000 | 0x01400000 | 0x01400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001410000 | 0x01410000 | 0x01410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001420000 | 0x01420000 | 0x01420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001430000 | 0x01430000 | 0x01430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001440000 | 0x01440000 | 0x01440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001450000 | 0x01450000 | 0x01450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001460000 | 0x01460000 | 0x01460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001470000 | 0x01470000 | 0x01470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001480000 | 0x01480000 | 0x01480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001490000 | 0x01490000 | 0x01490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014a0000 | 0x014a0000 | 0x014a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014b0000 | 0x014b0000 | 0x014b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014c0000 | 0x014c0000 | 0x014c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014d0000 | 0x014d0000 | 0x014d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014e0000 | 0x014e0000 | 0x014e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014f0000 | 0x014f0000 | 0x014f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001500000 | 0x01500000 | 0x01500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001510000 | 0x01510000 | 0x01510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001520000 | 0x01520000 | 0x01520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001530000 | 0x01530000 | 0x01530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001540000 | 0x01540000 | 0x01540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001550000 | 0x01550000 | 0x01550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001560000 | 0x01560000 | 0x01560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001570000 | 0x01570000 | 0x01570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001580000 | 0x01580000 | 0x01580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001590000 | 0x01590000 | 0x01590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015a0000 | 0x015a0000 | 0x015a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015b0000 | 0x015b0000 | 0x015b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015c0000 | 0x015c0000 | 0x015c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015d0000 | 0x015d0000 | 0x015d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015e0000 | 0x015e0000 | 0x015e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015f0000 | 0x015f0000 | 0x015f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001600000 | 0x01600000 | 0x01600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001610000 | 0x01610000 | 0x01610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001620000 | 0x01620000 | 0x01620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001630000 | 0x01630000 | 0x01630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001640000 | 0x01640000 | 0x01640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001650000 | 0x01650000 | 0x01650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001660000 | 0x01660000 | 0x01660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001670000 | 0x01670000 | 0x01670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001680000 | 0x01680000 | 0x01680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001690000 | 0x01690000 | 0x01690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016a0000 | 0x016a0000 | 0x016a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016b0000 | 0x016b0000 | 0x016b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016c0000 | 0x016c0000 | 0x016c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016d0000 | 0x016d0000 | 0x016d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016e0000 | 0x016e0000 | 0x016e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016f0000 | 0x016f0000 | 0x016f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001700000 | 0x01700000 | 0x01700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001710000 | 0x01710000 | 0x01710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001720000 | 0x01720000 | 0x01720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001730000 | 0x01730000 | 0x01730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001740000 | 0x01740000 | 0x01740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001750000 | 0x01750000 | 0x01750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001760000 | 0x01760000 | 0x01760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001770000 | 0x01770000 | 0x01770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001780000 | 0x01780000 | 0x01780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001790000 | 0x01790000 | 0x01790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017a0000 | 0x017a0000 | 0x017a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017b0000 | 0x017b0000 | 0x017b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017c0000 | 0x017c0000 | 0x017c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017d0000 | 0x017d0000 | 0x017d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017e0000 | 0x017e0000 | 0x017e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017f0000 | 0x017f0000 | 0x017f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001800000 | 0x01800000 | 0x01800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001810000 | 0x01810000 | 0x01810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001820000 | 0x01820000 | 0x01820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001830000 | 0x01830000 | 0x01830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001840000 | 0x01840000 | 0x01840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001850000 | 0x01850000 | 0x01850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001860000 | 0x01860000 | 0x01860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001870000 | 0x01870000 | 0x01870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001880000 | 0x01880000 | 0x01880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001890000 | 0x01890000 | 0x01890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018a0000 | 0x018a0000 | 0x018a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018b0000 | 0x018b0000 | 0x018b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018c0000 | 0x018c0000 | 0x018c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018d0000 | 0x018d0000 | 0x018d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018e0000 | 0x018e0000 | 0x018e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018f0000 | 0x018f0000 | 0x018f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001900000 | 0x01900000 | 0x01900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001910000 | 0x01910000 | 0x01910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001920000 | 0x01920000 | 0x01920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001930000 | 0x01930000 | 0x01930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001940000 | 0x01940000 | 0x01940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001950000 | 0x01950000 | 0x01950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001960000 | 0x01960000 | 0x01960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001970000 | 0x01970000 | 0x01970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001980000 | 0x01980000 | 0x01980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001990000 | 0x01990000 | 0x01990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019a0000 | 0x019a0000 | 0x019a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019b0000 | 0x019b0000 | 0x019b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019c0000 | 0x019c0000 | 0x019c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019d0000 | 0x019d0000 | 0x019d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019e0000 | 0x019e0000 | 0x019e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019f0000 | 0x019f0000 | 0x019f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a00000 | 0x01a00000 | 0x01a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a10000 | 0x01a10000 | 0x01a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a20000 | 0x01a20000 | 0x01a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a30000 | 0x01a30000 | 0x01a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a40000 | 0x01a40000 | 0x01a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a50000 | 0x01a50000 | 0x01a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a60000 | 0x01a60000 | 0x01a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a70000 | 0x01a70000 | 0x01a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a80000 | 0x01a80000 | 0x01a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a90000 | 0x01a90000 | 0x01a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001aa0000 | 0x01aa0000 | 0x01aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ab0000 | 0x01ab0000 | 0x01ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ac0000 | 0x01ac0000 | 0x01ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ad0000 | 0x01ad0000 | 0x01ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ae0000 | 0x01ae0000 | 0x01ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001af0000 | 0x01af0000 | 0x01af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b00000 | 0x01b00000 | 0x01b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b10000 | 0x01b10000 | 0x01b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b20000 | 0x01b20000 | 0x01b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b30000 | 0x01b30000 | 0x01b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b40000 | 0x01b40000 | 0x01b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b50000 | 0x01b50000 | 0x01b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b60000 | 0x01b60000 | 0x01b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b70000 | 0x01b70000 | 0x01b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b80000 | 0x01b80000 | 0x01b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b90000 | 0x01b90000 | 0x01b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ba0000 | 0x01ba0000 | 0x01ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001bb0000 | 0x01bb0000 | 0x01bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001bc0000 | 0x01bc0000 | 0x01bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001bd0000 | 0x01bd0000 | 0x01bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001be0000 | 0x01be0000 | 0x01be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001bf0000 | 0x01bf0000 | 0x01bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c00000 | 0x01c00000 | 0x01c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c10000 | 0x01c10000 | 0x01c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c20000 | 0x01c20000 | 0x01c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c30000 | 0x01c30000 | 0x01c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c40000 | 0x01c40000 | 0x01c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c50000 | 0x01c50000 | 0x01c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c60000 | 0x01c60000 | 0x01c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c70000 | 0x01c70000 | 0x01c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c80000 | 0x01c80000 | 0x01c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c90000 | 0x01c90000 | 0x01c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ca0000 | 0x01ca0000 | 0x01ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001cb0000 | 0x01cb0000 | 0x01cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001cc0000 | 0x01cc0000 | 0x01cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001cd0000 | 0x01cd0000 | 0x01cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ce0000 | 0x01ce0000 | 0x01ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001cf0000 | 0x01cf0000 | 0x01cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d00000 | 0x01d00000 | 0x01d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d10000 | 0x01d10000 | 0x01d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d20000 | 0x01d20000 | 0x01d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d30000 | 0x01d30000 | 0x01d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d40000 | 0x01d40000 | 0x01d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d50000 | 0x01d50000 | 0x01d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d60000 | 0x01d60000 | 0x01d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d70000 | 0x01d70000 | 0x01d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d80000 | 0x01d80000 | 0x01d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d90000 | 0x01d90000 | 0x01d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001da0000 | 0x01da0000 | 0x01da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001db0000 | 0x01db0000 | 0x01db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001dc0000 | 0x01dc0000 | 0x01dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001dd0000 | 0x01dd0000 | 0x01dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001de0000 | 0x01de0000 | 0x01de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001df0000 | 0x01df0000 | 0x01df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e00000 | 0x01e00000 | 0x01e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e10000 | 0x01e10000 | 0x01e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e20000 | 0x01e20000 | 0x01e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e30000 | 0x01e30000 | 0x01e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e40000 | 0x01e40000 | 0x01e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e50000 | 0x01e50000 | 0x01e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e60000 | 0x01e60000 | 0x01e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e70000 | 0x01e70000 | 0x01e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e80000 | 0x01e80000 | 0x01e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e90000 | 0x01e90000 | 0x01e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ea0000 | 0x01ea0000 | 0x01ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001eb0000 | 0x01eb0000 | 0x01eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ec0000 | 0x01ec0000 | 0x01ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ed0000 | 0x01ed0000 | 0x01ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ee0000 | 0x01ee0000 | 0x01ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ef0000 | 0x01ef0000 | 0x01ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f00000 | 0x01f00000 | 0x01f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f10000 | 0x01f10000 | 0x01f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f20000 | 0x01f20000 | 0x01f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f30000 | 0x01f30000 | 0x01f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f40000 | 0x01f40000 | 0x01f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f50000 | 0x01f50000 | 0x01f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f60000 | 0x01f60000 | 0x01f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f70000 | 0x01f70000 | 0x01f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f80000 | 0x01f80000 | 0x01f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f90000 | 0x01f90000 | 0x01f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001fa0000 | 0x01fa0000 | 0x01fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001fb0000 | 0x01fb0000 | 0x01fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001fc0000 | 0x01fc0000 | 0x01fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001fd0000 | 0x01fd0000 | 0x01fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001fe0000 | 0x01fe0000 | 0x01fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ff0000 | 0x01ff0000 | 0x01ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002000000 | 0x02000000 | 0x02000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002010000 | 0x02010000 | 0x02010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002020000 | 0x02020000 | 0x02020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002030000 | 0x02030000 | 0x02030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002040000 | 0x02040000 | 0x02040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002050000 | 0x02050000 | 0x02050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002060000 | 0x02060000 | 0x02060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002070000 | 0x02070000 | 0x02070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002080000 | 0x02080000 | 0x02080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002090000 | 0x02090000 | 0x02090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000020a0000 | 0x020a0000 | 0x020a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000020b0000 | 0x020b0000 | 0x020b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000020c0000 | 0x020c0000 | 0x020c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000020d0000 | 0x020d0000 | 0x020d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000020e0000 | 0x020e0000 | 0x020e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000020f0000 | 0x020f0000 | 0x020f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002100000 | 0x02100000 | 0x02100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002110000 | 0x02110000 | 0x02110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002120000 | 0x02120000 | 0x02120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002130000 | 0x02130000 | 0x02130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002140000 | 0x02140000 | 0x02140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002150000 | 0x02150000 | 0x02150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002160000 | 0x02160000 | 0x02160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002170000 | 0x02170000 | 0x02170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002180000 | 0x02180000 | 0x02180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002190000 | 0x02190000 | 0x02190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000021a0000 | 0x021a0000 | 0x021a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000021b0000 | 0x021b0000 | 0x021b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000021c0000 | 0x021c0000 | 0x021c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000021d0000 | 0x021d0000 | 0x021d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000021e0000 | 0x021e0000 | 0x021e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000021f0000 | 0x021f0000 | 0x021f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002200000 | 0x02200000 | 0x02200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002210000 | 0x02210000 | 0x02210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002220000 | 0x02220000 | 0x02220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002230000 | 0x02230000 | 0x02230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002240000 | 0x02240000 | 0x02240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002250000 | 0x02250000 | 0x02250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002260000 | 0x02260000 | 0x02260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002270000 | 0x02270000 | 0x02270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002280000 | 0x02280000 | 0x02280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002290000 | 0x02290000 | 0x02290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000022a0000 | 0x022a0000 | 0x022a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000022b0000 | 0x022b0000 | 0x022b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000022c0000 | 0x022c0000 | 0x022c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000022d0000 | 0x022d0000 | 0x022d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000022e0000 | 0x022e0000 | 0x022e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000022f0000 | 0x022f0000 | 0x022f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002300000 | 0x02300000 | 0x02300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002310000 | 0x02310000 | 0x02310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002320000 | 0x02320000 | 0x02320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002330000 | 0x02330000 | 0x02330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002340000 | 0x02340000 | 0x02340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002350000 | 0x02350000 | 0x02350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002360000 | 0x02360000 | 0x02360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002370000 | 0x02370000 | 0x02370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002380000 | 0x02380000 | 0x02380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002390000 | 0x02390000 | 0x02390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000023a0000 | 0x023a0000 | 0x023a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000023b0000 | 0x023b0000 | 0x023b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000023c0000 | 0x023c0000 | 0x023c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000023d0000 | 0x023d0000 | 0x023d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000023e0000 | 0x023e0000 | 0x023e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000023f0000 | 0x023f0000 | 0x023f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002400000 | 0x02400000 | 0x02400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002410000 | 0x02410000 | 0x02410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002420000 | 0x02420000 | 0x02420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002430000 | 0x02430000 | 0x02430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002440000 | 0x02440000 | 0x02440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002450000 | 0x02450000 | 0x02450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002460000 | 0x02460000 | 0x02460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002470000 | 0x02470000 | 0x02470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002480000 | 0x02480000 | 0x02480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002490000 | 0x02490000 | 0x02490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000024a0000 | 0x024a0000 | 0x024a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000024b0000 | 0x024b0000 | 0x024b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000024c0000 | 0x024c0000 | 0x024c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000024d0000 | 0x024d0000 | 0x024d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000024e0000 | 0x024e0000 | 0x024e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000024f0000 | 0x024f0000 | 0x024f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002500000 | 0x02500000 | 0x02500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002510000 | 0x02510000 | 0x02510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002520000 | 0x02520000 | 0x02520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002530000 | 0x02530000 | 0x02530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002540000 | 0x02540000 | 0x02540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002550000 | 0x02550000 | 0x02550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002560000 | 0x02560000 | 0x02560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002570000 | 0x02570000 | 0x02570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002580000 | 0x02580000 | 0x02580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002590000 | 0x02590000 | 0x02590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000025a0000 | 0x025a0000 | 0x025a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000025b0000 | 0x025b0000 | 0x025b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000025c0000 | 0x025c0000 | 0x025c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000025d0000 | 0x025d0000 | 0x025d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000025e0000 | 0x025e0000 | 0x025e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000025f0000 | 0x025f0000 | 0x025f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002600000 | 0x02600000 | 0x02600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002610000 | 0x02610000 | 0x02610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002620000 | 0x02620000 | 0x02620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002630000 | 0x02630000 | 0x02630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002640000 | 0x02640000 | 0x02640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002650000 | 0x02650000 | 0x02650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002660000 | 0x02660000 | 0x02660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002670000 | 0x02670000 | 0x02670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002680000 | 0x02680000 | 0x02680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002690000 | 0x02690000 | 0x02690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000026a0000 | 0x026a0000 | 0x026a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000026b0000 | 0x026b0000 | 0x026b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000026c0000 | 0x026c0000 | 0x026c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000026d0000 | 0x026d0000 | 0x026d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000026e0000 | 0x026e0000 | 0x026e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000026f0000 | 0x026f0000 | 0x026f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002700000 | 0x02700000 | 0x02700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002710000 | 0x02710000 | 0x02710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002720000 | 0x02720000 | 0x02720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002730000 | 0x02730000 | 0x02730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002740000 | 0x02740000 | 0x02740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002750000 | 0x02750000 | 0x02750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002760000 | 0x02760000 | 0x02760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002770000 | 0x02770000 | 0x02770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002780000 | 0x02780000 | 0x02780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002790000 | 0x02790000 | 0x02790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000027a0000 | 0x027a0000 | 0x027a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000027b0000 | 0x027b0000 | 0x027b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000027c0000 | 0x027c0000 | 0x027c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000027d0000 | 0x027d0000 | 0x027d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000027e0000 | 0x027e0000 | 0x027e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000027f0000 | 0x027f0000 | 0x027f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002800000 | 0x02800000 | 0x02800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002810000 | 0x02810000 | 0x02810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002820000 | 0x02820000 | 0x02820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002830000 | 0x02830000 | 0x02830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002840000 | 0x02840000 | 0x02840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002850000 | 0x02850000 | 0x02850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002860000 | 0x02860000 | 0x02860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002870000 | 0x02870000 | 0x02870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002880000 | 0x02880000 | 0x02880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002890000 | 0x02890000 | 0x02890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000028a0000 | 0x028a0000 | 0x028a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000028b0000 | 0x028b0000 | 0x028b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000028c0000 | 0x028c0000 | 0x028c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000028d0000 | 0x028d0000 | 0x028d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000028e0000 | 0x028e0000 | 0x028e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000028f0000 | 0x028f0000 | 0x028f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002900000 | 0x02900000 | 0x02900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002910000 | 0x02910000 | 0x02910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002920000 | 0x02920000 | 0x02920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002930000 | 0x02930000 | 0x02930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002940000 | 0x02940000 | 0x02940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002950000 | 0x02950000 | 0x02950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002960000 | 0x02960000 | 0x02960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002970000 | 0x02970000 | 0x02970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002980000 | 0x02980000 | 0x02980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002990000 | 0x02990000 | 0x02990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000029a0000 | 0x029a0000 | 0x029a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000029b0000 | 0x029b0000 | 0x029b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000029c0000 | 0x029c0000 | 0x029c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000029d0000 | 0x029d0000 | 0x029d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000029e0000 | 0x029e0000 | 0x029e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000029f0000 | 0x029f0000 | 0x029f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a00000 | 0x02a00000 | 0x02a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a10000 | 0x02a10000 | 0x02a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a20000 | 0x02a20000 | 0x02a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a30000 | 0x02a30000 | 0x02a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a40000 | 0x02a40000 | 0x02a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a50000 | 0x02a50000 | 0x02a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a60000 | 0x02a60000 | 0x02a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a70000 | 0x02a70000 | 0x02a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a80000 | 0x02a80000 | 0x02a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a90000 | 0x02a90000 | 0x02a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002aa0000 | 0x02aa0000 | 0x02aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ab0000 | 0x02ab0000 | 0x02ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ac0000 | 0x02ac0000 | 0x02ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ad0000 | 0x02ad0000 | 0x02ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ae0000 | 0x02ae0000 | 0x02ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002af0000 | 0x02af0000 | 0x02af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b00000 | 0x02b00000 | 0x02b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b10000 | 0x02b10000 | 0x02b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b20000 | 0x02b20000 | 0x02b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b30000 | 0x02b30000 | 0x02b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b40000 | 0x02b40000 | 0x02b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b50000 | 0x02b50000 | 0x02b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b60000 | 0x02b60000 | 0x02b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b70000 | 0x02b70000 | 0x02b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b80000 | 0x02b80000 | 0x02b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b90000 | 0x02b90000 | 0x02b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ba0000 | 0x02ba0000 | 0x02ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002bb0000 | 0x02bb0000 | 0x02bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002bc0000 | 0x02bc0000 | 0x02bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002bd0000 | 0x02bd0000 | 0x02bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002be0000 | 0x02be0000 | 0x02be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002bf0000 | 0x02bf0000 | 0x02bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c00000 | 0x02c00000 | 0x02c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c10000 | 0x02c10000 | 0x02c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c20000 | 0x02c20000 | 0x02c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c30000 | 0x02c30000 | 0x02c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c40000 | 0x02c40000 | 0x02c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c50000 | 0x02c50000 | 0x02c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c60000 | 0x02c60000 | 0x02c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c70000 | 0x02c70000 | 0x02c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c80000 | 0x02c80000 | 0x02c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c90000 | 0x02c90000 | 0x02c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ca0000 | 0x02ca0000 | 0x02ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002cb0000 | 0x02cb0000 | 0x02cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002cc0000 | 0x02cc0000 | 0x02cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002cd0000 | 0x02cd0000 | 0x02cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ce0000 | 0x02ce0000 | 0x02ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002cf0000 | 0x02cf0000 | 0x02cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d00000 | 0x02d00000 | 0x02d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d10000 | 0x02d10000 | 0x02d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d20000 | 0x02d20000 | 0x02d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d30000 | 0x02d30000 | 0x02d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d40000 | 0x02d40000 | 0x02d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d50000 | 0x02d50000 | 0x02d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d60000 | 0x02d60000 | 0x02d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d70000 | 0x02d70000 | 0x02d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d80000 | 0x02d80000 | 0x02d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d90000 | 0x02d90000 | 0x02d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002da0000 | 0x02da0000 | 0x02da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002db0000 | 0x02db0000 | 0x02db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002dc0000 | 0x02dc0000 | 0x02dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002dd0000 | 0x02dd0000 | 0x02dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002de0000 | 0x02de0000 | 0x02de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002df0000 | 0x02df0000 | 0x02df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002e00000 | 0x02e00000 | 0x02e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002e10000 | 0x02e10000 | 0x02e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002e20000 | 0x02e20000 | 0x02e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002e30000 | 0x02e30000 | 0x02e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002e40000 | 0x02e40000 | 0x02e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002e50000 | 0x02e50000 | 0x02e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002e60000 | 0x02e60000 | 0x02e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002e70000 | 0x02e70000 | 0x02e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002e80000 | 0x02e80000 | 0x02e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002e90000 | 0x02e90000 | 0x02e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ea0000 | 0x02ea0000 | 0x02ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002eb0000 | 0x02eb0000 | 0x02eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ec0000 | 0x02ec0000 | 0x02ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ed0000 | 0x02ed0000 | 0x02ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ee0000 | 0x02ee0000 | 0x02ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ef0000 | 0x02ef0000 | 0x02ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002f00000 | 0x02f00000 | 0x02f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002f10000 | 0x02f10000 | 0x02f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002f20000 | 0x02f20000 | 0x02f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002f30000 | 0x02f30000 | 0x02f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002f40000 | 0x02f40000 | 0x02f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002f50000 | 0x02f50000 | 0x02f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002f60000 | 0x02f60000 | 0x02f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002f70000 | 0x02f70000 | 0x02f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002f80000 | 0x02f80000 | 0x02f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002f90000 | 0x02f90000 | 0x02f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002fa0000 | 0x02fa0000 | 0x02fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002fb0000 | 0x02fb0000 | 0x02fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002fc0000 | 0x02fc0000 | 0x02fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002fd0000 | 0x02fd0000 | 0x02fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002fe0000 | 0x02fe0000 | 0x02fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ff0000 | 0x02ff0000 | 0x02ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003000000 | 0x03000000 | 0x03000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003010000 | 0x03010000 | 0x03010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003020000 | 0x03020000 | 0x03020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003030000 | 0x03030000 | 0x03030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003040000 | 0x03040000 | 0x03040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003050000 | 0x03050000 | 0x03050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003060000 | 0x03060000 | 0x03060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003070000 | 0x03070000 | 0x03070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003080000 | 0x03080000 | 0x03080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003090000 | 0x03090000 | 0x03090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000030a0000 | 0x030a0000 | 0x030a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000030b0000 | 0x030b0000 | 0x030b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000030c0000 | 0x030c0000 | 0x030c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000030d0000 | 0x030d0000 | 0x030d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000030e0000 | 0x030e0000 | 0x030e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000030f0000 | 0x030f0000 | 0x030f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003100000 | 0x03100000 | 0x03100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003110000 | 0x03110000 | 0x03110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003120000 | 0x03120000 | 0x03120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003130000 | 0x03130000 | 0x03130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003140000 | 0x03140000 | 0x03140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003150000 | 0x03150000 | 0x03150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003160000 | 0x03160000 | 0x03160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003170000 | 0x03170000 | 0x03170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003180000 | 0x03180000 | 0x03180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003190000 | 0x03190000 | 0x03190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000031a0000 | 0x031a0000 | 0x031a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000031b0000 | 0x031b0000 | 0x031b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000031c0000 | 0x031c0000 | 0x031c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000031d0000 | 0x031d0000 | 0x031d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000031e0000 | 0x031e0000 | 0x031e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000031f0000 | 0x031f0000 | 0x031f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003200000 | 0x03200000 | 0x03200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003210000 | 0x03210000 | 0x03210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003220000 | 0x03220000 | 0x03220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003230000 | 0x03230000 | 0x03230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003240000 | 0x03240000 | 0x03240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003250000 | 0x03250000 | 0x03250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003260000 | 0x03260000 | 0x03260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003270000 | 0x03270000 | 0x03270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003280000 | 0x03280000 | 0x03280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003290000 | 0x03290000 | 0x03290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000032a0000 | 0x032a0000 | 0x032a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000032b0000 | 0x032b0000 | 0x032b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000032c0000 | 0x032c0000 | 0x032c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000032d0000 | 0x032d0000 | 0x032d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000032e0000 | 0x032e0000 | 0x032e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000032f0000 | 0x032f0000 | 0x032f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003300000 | 0x03300000 | 0x03300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003310000 | 0x03310000 | 0x03310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003320000 | 0x03320000 | 0x03320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003330000 | 0x03330000 | 0x03330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003340000 | 0x03340000 | 0x03340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003350000 | 0x03350000 | 0x03350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003360000 | 0x03360000 | 0x03360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003370000 | 0x03370000 | 0x03370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003380000 | 0x03380000 | 0x03380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003390000 | 0x03390000 | 0x03390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000033a0000 | 0x033a0000 | 0x033a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000033b0000 | 0x033b0000 | 0x033b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000033c0000 | 0x033c0000 | 0x033c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000033d0000 | 0x033d0000 | 0x033d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000033e0000 | 0x033e0000 | 0x033e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000033f0000 | 0x033f0000 | 0x033f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003400000 | 0x03400000 | 0x03400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003410000 | 0x03410000 | 0x03410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003420000 | 0x03420000 | 0x03420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003430000 | 0x03430000 | 0x03430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003440000 | 0x03440000 | 0x03440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003450000 | 0x03450000 | 0x03450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003460000 | 0x03460000 | 0x03460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003470000 | 0x03470000 | 0x03470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003480000 | 0x03480000 | 0x03480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003490000 | 0x03490000 | 0x03490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000034a0000 | 0x034a0000 | 0x034a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000034b0000 | 0x034b0000 | 0x034b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000034c0000 | 0x034c0000 | 0x034c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000034d0000 | 0x034d0000 | 0x034d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000034e0000 | 0x034e0000 | 0x034e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000034f0000 | 0x034f0000 | 0x034f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003500000 | 0x03500000 | 0x03500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003510000 | 0x03510000 | 0x03510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003520000 | 0x03520000 | 0x03520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003530000 | 0x03530000 | 0x03530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003540000 | 0x03540000 | 0x03540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003550000 | 0x03550000 | 0x03550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003560000 | 0x03560000 | 0x03560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003570000 | 0x03570000 | 0x03570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003580000 | 0x03580000 | 0x03580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003590000 | 0x03590000 | 0x03590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000035a0000 | 0x035a0000 | 0x035a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000035b0000 | 0x035b0000 | 0x035b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000035c0000 | 0x035c0000 | 0x035c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000035d0000 | 0x035d0000 | 0x035d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000035e0000 | 0x035e0000 | 0x035e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000035f0000 | 0x035f0000 | 0x035f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000003600000 | 0x03600000 | 0x03600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007ff4f000 | 0x7ff4f000 | 0x7ff4ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x0000000aef280000 | 0xaef280000 | 0xaef29ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000aef2a0000 | 0xaef2a0000 | 0xaef2b3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000aef2c0000 | 0xaef2c0000 | 0xaef3bffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000aef3c0000 | 0xaef3c0000 | 0xaef3c3fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000aef3d0000 | 0xaef3d0000 | 0xaef3d0fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000aef3e0000 | 0xaef3e0000 | 0xaef3e1fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff0a0000 | 0x7df5ff0a0000 | 0x7ff5ff09ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fca80000 | 0x7ff7fca80000 | 0x7ff7fcaa2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fcaad000 | 0x7ff7fcaad000 | 0x7ff7fcaaefff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fcaaf000 | 0x7ff7fcaaf000 | 0x7ff7fcaaffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x280000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x290000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2a0000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2b0000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2f0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x300000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x310000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x320000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x330000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x340000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x350000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x360000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x370000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x380000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x390000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3f0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x400000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x410000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x420000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x430000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x440000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x450000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x460000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x470000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x480000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x490000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x4a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x4b0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x4c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x4d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x4e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x4f0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x500000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x510000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x520000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x530000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x540000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x550000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x560000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x570000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x580000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x590000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x5a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x5b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x5c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x5d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x5e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x5f0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x600000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x610000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x620000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x630000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x640000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x650000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x660000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x670000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x680000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x690000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x6a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x6b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x6c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x6d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x6e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x6f0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x700000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x710000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x720000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x730000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x740000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x750000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x760000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x770000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x780000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x790000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x7a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x7b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x7c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x7d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x7e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x7f0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x800000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x810000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x820000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x830000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x840000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x850000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x860000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x870000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x880000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x890000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x8c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x8d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x8e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x900000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x910000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x930000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x940000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x950000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x970000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x980000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x990000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x9a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x9b0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x9d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x9e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xa00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xa10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xa30000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xa40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xa50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xa70000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xa80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xa90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xab0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xac0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xad0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xaf0000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xb00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xb10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xb30000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xb40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xb50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xb70000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xb80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xb90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xba0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xbb0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xbc0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xbd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xbe0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xbf0000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xc00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xc10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xc20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xc30000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xc40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xc50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xc60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xc70000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xc80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xc90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xca0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xcb0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xcc0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xcd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xce0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xd00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xd10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xd20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xd40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xd50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xd60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xd80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xd90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xda0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xdc0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xdd0000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xde0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xdf0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xe00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xe10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xe20000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xe30000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xe40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xe50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xe60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xe70000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xe90000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xea0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xeb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xed0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xee0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xef0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xf10000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xf20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xf30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xf50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xf60000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xf70000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xf80000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xf90000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xfa0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xfb0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xfc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xfd0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xfe0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0xff0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1000000, size = 18 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1010000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1020000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1030000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1040000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1050000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1060000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1070000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1080000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1090000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x10a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x10b0000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x10c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x10d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x10e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x10f0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1100000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1110000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1120000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1130000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1140000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1150000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1170000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1180000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x11a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x11c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x11d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x11e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1200000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1210000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1220000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1240000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1250000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1260000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1280000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1290000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x12a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x12c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x12d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x12e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x12f0000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1300000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1310000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1320000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1330000, size = 22 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1340000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1350000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1360000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1380000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1390000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x13a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x13b0000, size = 22 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x13c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x13d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x13e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x13f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1400000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1410000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1420000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1430000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1440000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1450000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1460000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1470000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1480000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1490000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x14a0000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x14b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x14c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x14d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x14e0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x14f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1500000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1510000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1520000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1530000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1540000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1550000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1570000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1580000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1590000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x15b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x15c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x15d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x15f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1600000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1630000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1640000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1650000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1660000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1670000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1680000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x16a0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x16b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x16c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x16e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x16f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1700000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1720000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1730000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1740000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1760000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1770000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1780000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x17a0000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x17b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x17c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x17e0000, size = 6 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x17f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1800000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1820000, size = 18 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1830000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1840000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1860000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1870000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1880000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1890000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x18a0000, size = 24 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x18b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x18c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x18d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x18e0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x18f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1900000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1910000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1920000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1930000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1940000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1970000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1980000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1990000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x19b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x19c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x19d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x19f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1a00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1a10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1a30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1a40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1a50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1a70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1a80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1a90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1ab0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1ac0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1ad0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1af0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1b00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1b10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1b20000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1b30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1b40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1b50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1b60000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1b70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1b80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1b90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1ba0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1bb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1bc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1bd0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1be0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1bf0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1c00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1c10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1c20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1c30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1c40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1c60000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1c70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1c80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1ca0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1cb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1cc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1ce0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1cf0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1d00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1d20000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1d30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1d40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1d60000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1d70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1d80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1d90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1da0000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1db0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1dc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1dd0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1de0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1df0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1e00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1e10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1e20000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1e30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1e40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1e50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1e60000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1e70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1e80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1ea0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1eb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1ec0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1ee0000, size = 22 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1f00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1f30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1f40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1f60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1f70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1f80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1f90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1fa0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1fb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1fc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1fd0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1fe0000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x1ff0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2000000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2010000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2020000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2030000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2040000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2050000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2060000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2070000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2080000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2090000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x20a0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x20b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x20c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x20d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x20e0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x20f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2100000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2110000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2120000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2130000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2140000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2150000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2160000, size = 24 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2170000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2180000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2190000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x21a0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x21b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x21c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x21d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x21e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x21f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2200000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2210000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2220000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2230000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2240000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2250000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2260000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2270000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2280000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2290000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x22a0000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x22b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x22c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x22d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x22e0000, size = 18 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x22f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2300000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2320000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2330000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2340000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2360000, size = 24 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2370000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2380000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x23a0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x23b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x23c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x23e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x23f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2400000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2420000, size = 18 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2430000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2440000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2460000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2470000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2480000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x24a0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x24b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x24c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x24d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x24e0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x24f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2500000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2510000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2520000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2530000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2540000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2550000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2560000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2570000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2580000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2590000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x25a0000, size = 24 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x25b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x25c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x25d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x25e0000, size = 22 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x25f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2600000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2610000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2620000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2630000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2640000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2650000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2660000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2670000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2680000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2690000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x26a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x26b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x26c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x26d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x26e0000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x26f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2700000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2710000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2720000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2730000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2740000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2750000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2760000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2770000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2780000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2790000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x27a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x27b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x27c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x27d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x27e0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x27f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2800000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2810000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2820000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2830000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2840000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2850000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2860000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2870000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2880000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2890000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x28a0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x28b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x28c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x28d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x28e0000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x28f0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2900000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2910000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2920000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2930000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2940000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2950000, size = 18 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2960000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2970000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2980000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2990000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x29a0000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x29b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x29c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x29d0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x29e0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x29f0000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2a00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2a10000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2a20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2a30000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2a40000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2a50000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2a60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2a70000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2a80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2a90000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2aa0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2ab0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2ac0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2ad0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2ae0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2af0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2b00000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2b10000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2b20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2b30000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2b40000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2b50000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2b60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2b70000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2b80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2b90000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2ba0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2bb0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2bc0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2bd0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2be0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2c00000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2c20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2c30000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2c40000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2c50000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2c60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2c70000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2c80000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2c90000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2ca0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2cb0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2cc0000, size = 23 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2cd0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2ce0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2cf0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2d00000, size = 7 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2d10000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2d20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2d30000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2d40000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2d50000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2d60000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2d70000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2d80000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2d90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2da0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2db0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2dc0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2dd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2de0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2df0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2e00000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2e10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2e30000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2e40000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2e50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2e70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2e80000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2e90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2eb0000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2ec0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2ed0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2ef0000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2f00000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2f10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2f30000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2f40000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2f50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2f70000, size = 22 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2f80000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2f90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2fb0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2fc0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2fd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2fe0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x2ff0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3000000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3010000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3020000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3030000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3040000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3050000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3060000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3070000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3080000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3090000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x30a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x30c0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x30d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x30e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3100000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3110000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3120000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3140000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3150000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3160000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3180000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3190000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x31a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x31b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x31c0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x31d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x31e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x31f0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3200000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3210000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3220000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3230000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3240000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3250000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3270000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3290000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x32b0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x32d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x32f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3300000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3310000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3320000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3330000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3340000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3350000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3360000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3370000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3380000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3390000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x33a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x33b0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x33c0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x33d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x33e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x33f0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3400000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3410000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3430000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3440000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3450000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3460000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3470000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3480000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3490000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x34a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x34b0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x34c0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x34d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x34e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x34f0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3500000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3510000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3520000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3530000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3540000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3550000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3560000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3570000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3580000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3590000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x35b0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x35c0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x35d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x35e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x35f0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11cc | address = 0x3600000, size = 11 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #9 / 0x11e4 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:01:18, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:17 |
| OS Thread IDs | #424 0x11E8 #425 0x11EC |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Private Memory | Readable, Writable | | | | |
| private_0x00000000001c0000 | 0x001c0000 | 0x001fffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000200000 | 0x00200000 | 0x00200fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000230000 | 0x00230000 | 0x0023ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000260000 | 0x00260000 | 0x0026ffff | Private Memory | Readable, Writable | | | | |
| locale.nls | 0x00270000 | 0x0032dfff | Memory Mapped File | Readable | | | | |
| svhost.exe | 0x00400000 | 0x0057afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x0000000000630000 | 0x00630000 | 0x0072ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000730000 | 0x00730000 | 0x0082ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000830000 | 0x00830000 | 0x009b7fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x00000000009c0000 | 0x009c0000 | 0x00b40fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000b50000 | 0x00b50000 | 0x01f4ffff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000002020000 | 0x02020000 | 0x0211ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000002120000 | 0x02120000 | 0x0221ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | - | | | | |
| wow64.dll | 0x53cc0000 | 0x53d0efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64cpu.dll | 0x53d10000 | 0x53d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64win.dll | 0x53d20000 | 0x53d92fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntmarta.dll | 0x74ca0000 | 0x74cc7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasman.dll | 0x74cd0000 | 0x74cf2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasapi32.dll | 0x74d00000 | 0x74da3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pstorec.dll | 0x74db0000 | 0x74db7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| apphelp.dll | 0x74dc0000 | 0x74e50fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bcryptprimitives.dll | 0x74e60000 | 0x74eb8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cryptbase.dll | 0x74ec0000 | 0x74ec9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sspicli.dll | 0x74ed0000 | 0x74eedfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcrt.dll | 0x74ef0000 | 0x74fadfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| advapi32.dll | 0x74fb0000 | 0x7502afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| oleaut32.dll | 0x75030000 | 0x750c1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| powrprof.dll | 0x75280000 | 0x752c3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| KernelBase.dll | 0x752e0000 | 0x75455fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| imm32.dll | 0x75460000 | 0x7548afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| combase.dll | 0x75490000 | 0x75649fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel32.dll | 0x75650000 | 0x7573ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| gdi32.dll | 0x75790000 | 0x758dcfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SHCore.dll | 0x75aa0000 | 0x75b2cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| crypt32.dll | 0x75bf0000 | 0x75d64fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| profapi.dll | 0x75d70000 | 0x75d7efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msasn1.dll | 0x75d80000 | 0x75d8dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msctf.dll | 0x75d90000 | 0x75eaffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sechost.dll | 0x75eb0000 | 0x75ef2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| user32.dll | 0x75f10000 | 0x7604ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel.appcore.dll | 0x76290000 | 0x7629bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shlwapi.dll | 0x762a0000 | 0x762e3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| windows.storage.dll | 0x76380000 | 0x7685cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rpcrt4.dll | 0x76860000 | 0x7690bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shell32.dll | 0x76910000 | 0x77ccefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ole32.dll | 0x77cd0000 | 0x77db9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x77dc0000 | 0x77f38fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffb1ddcffff | Private Memory | Readable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x00007ffb1df92000 | 0x7ffb1df92000 | 0x7ffffffeffff | Private Memory | Readable | | | | |
| Category | Operation | Information | Success | Count | Logfile | |
|---|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | ||
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | ||
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | ||
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | ||
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | ||
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | ||
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | ||
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | ||
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | ||
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x11e4 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | ||
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | ||
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | ||
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | ||
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | ||
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | ||
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | ||
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | ||
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | ||
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | ||
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1200, os_pid = 0x11fc, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | ||
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | ||
| MEM | ALLOC | address = 0x4b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x4b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x4c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x4c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x4d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x4d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 210 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x11fc, proc_address = 0x4d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x4e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x4e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 19 | | 1 | ||
| MEM | ALLOC | address = 0x4f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x4f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x510000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 21 | | 1 | ||
| MEM | ALLOC | address = 0x530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x550000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 21 | | 1 | ||
| MEM | ALLOC | address = 0x570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x590000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x5a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x5a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x5b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x5b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x5c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x5c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x5d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x5d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x5d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x5e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x5e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x5f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x5f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x610000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 9 | | 1 | ||
| MEM | ALLOC | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x650000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x690000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x6d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 16 | | 1 | ||
| MEM | ALLOC | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x710000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 16 | | 1 | ||
| MEM | ALLOC | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x750000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x790000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x7b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x7c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x7d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x7d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x7e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x7f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x810000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x850000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x890000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x8d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x910000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x950000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 25 | | 1 | ||
| MEM | ALLOC | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x990000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x9d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0xa10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0xa50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 9 | | 1 | ||
| MEM | ALLOC | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0xa90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0xad0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0xb10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0xb50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0xb90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0xbd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0xc10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0xc50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 16 | | 1 | ||
| MEM | ALLOC | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0xc90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0xcd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0xd10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 8, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 8 | | 1 | ||
| MEM | ALLOC | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0xd50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 9 | | 1 | ||
| MEM | ALLOC | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0xd90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0xdd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 11 | | 1 | ||
| MEM | ALLOC | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0xe10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 17, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 17 | | 1 | ||
| MEM | ALLOC | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0xe50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 19 | | 1 | ||
| MEM | ALLOC | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0xe90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0xed0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 9 | | 1 | ||
| MEM | ALLOC | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0xf10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0xf50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0xf90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0xfd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | ||
| MEM | ALLOC | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 11 | | 1 | ||
| MEM | ALLOC | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 210 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x11fc, proc_address = 0x1000000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 11 | | 1 | ||
| MEM | ALLOC | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x1040000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 11 | | 1 | ||
| MEM | ALLOC | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x1080000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | ||
| MEM | ALLOC | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 210 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x11fc, proc_address = 0x10b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 17, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 17 | | 1 | ||
| MEM | ALLOC | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x10f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x1130000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x1170000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | ||
| MEM | ALLOC | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 210 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x11fc, proc_address = 0x11a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x11e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x11f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x11f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x1220000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 18, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 18 | | 1 | ||
| MEM | ALLOC | address = 0x1240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x1260000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | ||
| MEM | ALLOC | address = 0x1270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x1290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 210 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x11fc, proc_address = 0x1290000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x12a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x12a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x12b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x12b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x12c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x12c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x12d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x12d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x12d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x12e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 17, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x12e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 17 | | 1 | ||
| MEM | ALLOC | address = 0x12f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x12f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x1310000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0x1330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x1350000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x1370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x1390000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x13a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x13a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0x13b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x13b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x13c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x13c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x13d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x13d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x13d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x13e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x13e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0x13f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x13f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11fc, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11fc, proc_address = 0x1410000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| For performance reasons, the remaining 1512 entries are omitted. Click to download all 2512 entries as text file (2.12 MB). | ||||||
| Information | Value |
|---|---|
| ID / OS PID | #10 / 0x11fc |
| OS Parent PID | 0x11e4 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:01:21, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:14 |
| OS Thread IDs | #426 0x1200 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x00000000004b0000 | 0x004b0000 | 0x004b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004c0000 | 0x004c0000 | 0x004c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004d0000 | 0x004d0000 | 0x004d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004e0000 | 0x004e0000 | 0x004e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004f0000 | 0x004f0000 | 0x004f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000500000 | 0x00500000 | 0x00500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000510000 | 0x00510000 | 0x00510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000520000 | 0x00520000 | 0x00520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000530000 | 0x00530000 | 0x00530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000540000 | 0x00540000 | 0x00540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000550000 | 0x00550000 | 0x00550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000560000 | 0x00560000 | 0x00560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000570000 | 0x00570000 | 0x00570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000580000 | 0x00580000 | 0x00580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000590000 | 0x00590000 | 0x00590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005a0000 | 0x005a0000 | 0x005a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005b0000 | 0x005b0000 | 0x005b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005c0000 | 0x005c0000 | 0x005c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005d0000 | 0x005d0000 | 0x005d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005e0000 | 0x005e0000 | 0x005e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005f0000 | 0x005f0000 | 0x005f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000600000 | 0x00600000 | 0x00600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000610000 | 0x00610000 | 0x00610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000620000 | 0x00620000 | 0x00620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000630000 | 0x00630000 | 0x00630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000640000 | 0x00640000 | 0x00640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000650000 | 0x00650000 | 0x00650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000660000 | 0x00660000 | 0x00660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000670000 | 0x00670000 | 0x00670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000680000 | 0x00680000 | 0x00680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000690000 | 0x00690000 | 0x00690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006a0000 | 0x006a0000 | 0x006a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006b0000 | 0x006b0000 | 0x006b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006c0000 | 0x006c0000 | 0x006c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006d0000 | 0x006d0000 | 0x006d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006e0000 | 0x006e0000 | 0x006e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006f0000 | 0x006f0000 | 0x006f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000700000 | 0x00700000 | 0x00700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000710000 | 0x00710000 | 0x00710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000720000 | 0x00720000 | 0x00720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000730000 | 0x00730000 | 0x00730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000740000 | 0x00740000 | 0x00740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000750000 | 0x00750000 | 0x00750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000760000 | 0x00760000 | 0x00760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000770000 | 0x00770000 | 0x00770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000780000 | 0x00780000 | 0x00780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000790000 | 0x00790000 | 0x00790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007a0000 | 0x007a0000 | 0x007a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007b0000 | 0x007b0000 | 0x007b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007c0000 | 0x007c0000 | 0x007c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007d0000 | 0x007d0000 | 0x007d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007e0000 | 0x007e0000 | 0x007e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007f0000 | 0x007f0000 | 0x007f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000800000 | 0x00800000 | 0x00800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000810000 | 0x00810000 | 0x00810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000820000 | 0x00820000 | 0x00820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000830000 | 0x00830000 | 0x00830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000840000 | 0x00840000 | 0x00840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000850000 | 0x00850000 | 0x00850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000860000 | 0x00860000 | 0x00860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000870000 | 0x00870000 | 0x00870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000880000 | 0x00880000 | 0x00880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000890000 | 0x00890000 | 0x00890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008a0000 | 0x008a0000 | 0x008a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008b0000 | 0x008b0000 | 0x008b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008c0000 | 0x008c0000 | 0x008c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008d0000 | 0x008d0000 | 0x008d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008e0000 | 0x008e0000 | 0x008e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008f0000 | 0x008f0000 | 0x008f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000900000 | 0x00900000 | 0x00900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000910000 | 0x00910000 | 0x00910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000920000 | 0x00920000 | 0x00920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000930000 | 0x00930000 | 0x00930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000940000 | 0x00940000 | 0x00940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000950000 | 0x00950000 | 0x00950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000960000 | 0x00960000 | 0x00960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000970000 | 0x00970000 | 0x00970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000980000 | 0x00980000 | 0x00980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000990000 | 0x00990000 | 0x00990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009a0000 | 0x009a0000 | 0x009a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009b0000 | 0x009b0000 | 0x009b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009c0000 | 0x009c0000 | 0x009c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009d0000 | 0x009d0000 | 0x009d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009e0000 | 0x009e0000 | 0x009e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009f0000 | 0x009f0000 | 0x009f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a00000 | 0x00a00000 | 0x00a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a10000 | 0x00a10000 | 0x00a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a20000 | 0x00a20000 | 0x00a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a30000 | 0x00a30000 | 0x00a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a40000 | 0x00a40000 | 0x00a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a50000 | 0x00a50000 | 0x00a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a60000 | 0x00a60000 | 0x00a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a70000 | 0x00a70000 | 0x00a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a80000 | 0x00a80000 | 0x00a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a90000 | 0x00a90000 | 0x00a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000aa0000 | 0x00aa0000 | 0x00aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ab0000 | 0x00ab0000 | 0x00ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ac0000 | 0x00ac0000 | 0x00ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ad0000 | 0x00ad0000 | 0x00ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ae0000 | 0x00ae0000 | 0x00ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000af0000 | 0x00af0000 | 0x00af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b00000 | 0x00b00000 | 0x00b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b10000 | 0x00b10000 | 0x00b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b20000 | 0x00b20000 | 0x00b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b30000 | 0x00b30000 | 0x00b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b40000 | 0x00b40000 | 0x00b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b50000 | 0x00b50000 | 0x00b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b60000 | 0x00b60000 | 0x00b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b70000 | 0x00b70000 | 0x00b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b80000 | 0x00b80000 | 0x00b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b90000 | 0x00b90000 | 0x00b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ba0000 | 0x00ba0000 | 0x00ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bb0000 | 0x00bb0000 | 0x00bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bc0000 | 0x00bc0000 | 0x00bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bd0000 | 0x00bd0000 | 0x00bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000be0000 | 0x00be0000 | 0x00be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bf0000 | 0x00bf0000 | 0x00bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c00000 | 0x00c00000 | 0x00c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c10000 | 0x00c10000 | 0x00c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c20000 | 0x00c20000 | 0x00c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c30000 | 0x00c30000 | 0x00c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c40000 | 0x00c40000 | 0x00c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c50000 | 0x00c50000 | 0x00c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c60000 | 0x00c60000 | 0x00c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c70000 | 0x00c70000 | 0x00c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c80000 | 0x00c80000 | 0x00c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c90000 | 0x00c90000 | 0x00c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ca0000 | 0x00ca0000 | 0x00ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cb0000 | 0x00cb0000 | 0x00cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cc0000 | 0x00cc0000 | 0x00cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cd0000 | 0x00cd0000 | 0x00cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ce0000 | 0x00ce0000 | 0x00ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cf0000 | 0x00cf0000 | 0x00cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d00000 | 0x00d00000 | 0x00d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d10000 | 0x00d10000 | 0x00d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d20000 | 0x00d20000 | 0x00d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d30000 | 0x00d30000 | 0x00d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d40000 | 0x00d40000 | 0x00d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d50000 | 0x00d50000 | 0x00d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d60000 | 0x00d60000 | 0x00d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d70000 | 0x00d70000 | 0x00d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d80000 | 0x00d80000 | 0x00d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d90000 | 0x00d90000 | 0x00d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000da0000 | 0x00da0000 | 0x00da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000db0000 | 0x00db0000 | 0x00db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dc0000 | 0x00dc0000 | 0x00dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dd0000 | 0x00dd0000 | 0x00dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000de0000 | 0x00de0000 | 0x00de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000df0000 | 0x00df0000 | 0x00df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e00000 | 0x00e00000 | 0x00e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e10000 | 0x00e10000 | 0x00e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e20000 | 0x00e20000 | 0x00e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e30000 | 0x00e30000 | 0x00e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e40000 | 0x00e40000 | 0x00e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e50000 | 0x00e50000 | 0x00e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e60000 | 0x00e60000 | 0x00e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e70000 | 0x00e70000 | 0x00e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e80000 | 0x00e80000 | 0x00e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e90000 | 0x00e90000 | 0x00e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ea0000 | 0x00ea0000 | 0x00ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000eb0000 | 0x00eb0000 | 0x00eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ec0000 | 0x00ec0000 | 0x00ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ed0000 | 0x00ed0000 | 0x00ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ee0000 | 0x00ee0000 | 0x00ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ef0000 | 0x00ef0000 | 0x00ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f00000 | 0x00f00000 | 0x00f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f10000 | 0x00f10000 | 0x00f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f20000 | 0x00f20000 | 0x00f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f30000 | 0x00f30000 | 0x00f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f40000 | 0x00f40000 | 0x00f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f50000 | 0x00f50000 | 0x00f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f60000 | 0x00f60000 | 0x00f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f70000 | 0x00f70000 | 0x00f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f80000 | 0x00f80000 | 0x00f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f90000 | 0x00f90000 | 0x00f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fa0000 | 0x00fa0000 | 0x00fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fb0000 | 0x00fb0000 | 0x00fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fc0000 | 0x00fc0000 | 0x00fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fd0000 | 0x00fd0000 | 0x00fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fe0000 | 0x00fe0000 | 0x00fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ff0000 | 0x00ff0000 | 0x00ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001000000 | 0x01000000 | 0x01000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001010000 | 0x01010000 | 0x01010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001020000 | 0x01020000 | 0x01020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001030000 | 0x01030000 | 0x01030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001040000 | 0x01040000 | 0x01040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001050000 | 0x01050000 | 0x01050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001060000 | 0x01060000 | 0x01060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001070000 | 0x01070000 | 0x01070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001080000 | 0x01080000 | 0x01080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001090000 | 0x01090000 | 0x01090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010a0000 | 0x010a0000 | 0x010a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010b0000 | 0x010b0000 | 0x010b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010c0000 | 0x010c0000 | 0x010c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010d0000 | 0x010d0000 | 0x010d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010e0000 | 0x010e0000 | 0x010e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010f0000 | 0x010f0000 | 0x010f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001100000 | 0x01100000 | 0x01100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001110000 | 0x01110000 | 0x01110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001120000 | 0x01120000 | 0x01120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001130000 | 0x01130000 | 0x01130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001140000 | 0x01140000 | 0x01140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001150000 | 0x01150000 | 0x01150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001160000 | 0x01160000 | 0x01160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001170000 | 0x01170000 | 0x01170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001180000 | 0x01180000 | 0x01180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001190000 | 0x01190000 | 0x01190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011a0000 | 0x011a0000 | 0x011a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011b0000 | 0x011b0000 | 0x011b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011c0000 | 0x011c0000 | 0x011c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011d0000 | 0x011d0000 | 0x011d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011e0000 | 0x011e0000 | 0x011e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011f0000 | 0x011f0000 | 0x011f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001200000 | 0x01200000 | 0x01200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001210000 | 0x01210000 | 0x01210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001220000 | 0x01220000 | 0x01220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001230000 | 0x01230000 | 0x01230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001240000 | 0x01240000 | 0x01240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001250000 | 0x01250000 | 0x01250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001260000 | 0x01260000 | 0x01260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001270000 | 0x01270000 | 0x01270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001280000 | 0x01280000 | 0x01280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001290000 | 0x01290000 | 0x01290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012a0000 | 0x012a0000 | 0x012a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012b0000 | 0x012b0000 | 0x012b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012c0000 | 0x012c0000 | 0x012c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012d0000 | 0x012d0000 | 0x012d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012e0000 | 0x012e0000 | 0x012e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012f0000 | 0x012f0000 | 0x012f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001300000 | 0x01300000 | 0x01300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001310000 | 0x01310000 | 0x01310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001320000 | 0x01320000 | 0x01320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001330000 | 0x01330000 | 0x01330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001340000 | 0x01340000 | 0x01340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001350000 | 0x01350000 | 0x01350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001360000 | 0x01360000 | 0x01360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001370000 | 0x01370000 | 0x01370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001380000 | 0x01380000 | 0x01380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001390000 | 0x01390000 | 0x01390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013a0000 | 0x013a0000 | 0x013a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013b0000 | 0x013b0000 | 0x013b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013c0000 | 0x013c0000 | 0x013c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013d0000 | 0x013d0000 | 0x013d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013e0000 | 0x013e0000 | 0x013e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013f0000 | 0x013f0000 | 0x013f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001400000 | 0x01400000 | 0x01400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001410000 | 0x01410000 | 0x01410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001420000 | 0x01420000 | 0x01420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001430000 | 0x01430000 | 0x01430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001440000 | 0x01440000 | 0x01440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001450000 | 0x01450000 | 0x01450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001460000 | 0x01460000 | 0x01460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001470000 | 0x01470000 | 0x01470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001480000 | 0x01480000 | 0x01480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001490000 | 0x01490000 | 0x01490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014a0000 | 0x014a0000 | 0x014a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014b0000 | 0x014b0000 | 0x014b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014c0000 | 0x014c0000 | 0x014c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014d0000 | 0x014d0000 | 0x014d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014e0000 | 0x014e0000 | 0x014e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014f0000 | 0x014f0000 | 0x014f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001500000 | 0x01500000 | 0x01500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001510000 | 0x01510000 | 0x01510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001520000 | 0x01520000 | 0x01520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001530000 | 0x01530000 | 0x01530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001540000 | 0x01540000 | 0x01540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001550000 | 0x01550000 | 0x01550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001560000 | 0x01560000 | 0x01560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001570000 | 0x01570000 | 0x01570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001580000 | 0x01580000 | 0x01580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001590000 | 0x01590000 | 0x01590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015a0000 | 0x015a0000 | 0x015a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015b0000 | 0x015b0000 | 0x015b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015c0000 | 0x015c0000 | 0x015c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015d0000 | 0x015d0000 | 0x015d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015e0000 | 0x015e0000 | 0x015e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015f0000 | 0x015f0000 | 0x015f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001600000 | 0x01600000 | 0x01600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001610000 | 0x01610000 | 0x01610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001620000 | 0x01620000 | 0x01620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001630000 | 0x01630000 | 0x01630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001640000 | 0x01640000 | 0x01640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001650000 | 0x01650000 | 0x01650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001660000 | 0x01660000 | 0x01660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001670000 | 0x01670000 | 0x01670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001680000 | 0x01680000 | 0x01680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001690000 | 0x01690000 | 0x01690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016a0000 | 0x016a0000 | 0x016a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016b0000 | 0x016b0000 | 0x016b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016c0000 | 0x016c0000 | 0x016c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016d0000 | 0x016d0000 | 0x016d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016e0000 | 0x016e0000 | 0x016e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016f0000 | 0x016f0000 | 0x016f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001700000 | 0x01700000 | 0x01700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001710000 | 0x01710000 | 0x01710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001720000 | 0x01720000 | 0x01720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001730000 | 0x01730000 | 0x01730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001740000 | 0x01740000 | 0x01740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001750000 | 0x01750000 | 0x01750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001760000 | 0x01760000 | 0x01760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001770000 | 0x01770000 | 0x01770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001780000 | 0x01780000 | 0x01780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001790000 | 0x01790000 | 0x01790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017a0000 | 0x017a0000 | 0x017a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017b0000 | 0x017b0000 | 0x017b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017c0000 | 0x017c0000 | 0x017c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017d0000 | 0x017d0000 | 0x017d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017e0000 | 0x017e0000 | 0x017e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017f0000 | 0x017f0000 | 0x017f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001800000 | 0x01800000 | 0x01800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001810000 | 0x01810000 | 0x01810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001820000 | 0x01820000 | 0x01820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001830000 | 0x01830000 | 0x01830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001840000 | 0x01840000 | 0x01840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001850000 | 0x01850000 | 0x01850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001860000 | 0x01860000 | 0x01860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001870000 | 0x01870000 | 0x01870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001880000 | 0x01880000 | 0x01880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001890000 | 0x01890000 | 0x01890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018a0000 | 0x018a0000 | 0x018a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018b0000 | 0x018b0000 | 0x018b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018c0000 | 0x018c0000 | 0x018c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018d0000 | 0x018d0000 | 0x018d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018e0000 | 0x018e0000 | 0x018e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018f0000 | 0x018f0000 | 0x018f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001900000 | 0x01900000 | 0x01900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001910000 | 0x01910000 | 0x01910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001920000 | 0x01920000 | 0x01920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001930000 | 0x01930000 | 0x01930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001940000 | 0x01940000 | 0x01940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001950000 | 0x01950000 | 0x01950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001960000 | 0x01960000 | 0x01960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001970000 | 0x01970000 | 0x01970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001980000 | 0x01980000 | 0x01980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001990000 | 0x01990000 | 0x01990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019a0000 | 0x019a0000 | 0x019a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019b0000 | 0x019b0000 | 0x019b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019c0000 | 0x019c0000 | 0x019c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019d0000 | 0x019d0000 | 0x019d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019e0000 | 0x019e0000 | 0x019e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019f0000 | 0x019f0000 | 0x019f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a00000 | 0x01a00000 | 0x01a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a10000 | 0x01a10000 | 0x01a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a20000 | 0x01a20000 | 0x01a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a30000 | 0x01a30000 | 0x01a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a40000 | 0x01a40000 | 0x01a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a50000 | 0x01a50000 | 0x01a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a60000 | 0x01a60000 | 0x01a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a70000 | 0x01a70000 | 0x01a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a80000 | 0x01a80000 | 0x01a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a90000 | 0x01a90000 | 0x01a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001aa0000 | 0x01aa0000 | 0x01aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ab0000 | 0x01ab0000 | 0x01ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ac0000 | 0x01ac0000 | 0x01ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ad0000 | 0x01ad0000 | 0x01ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ae0000 | 0x01ae0000 | 0x01ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001af0000 | 0x01af0000 | 0x01af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b00000 | 0x01b00000 | 0x01b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b10000 | 0x01b10000 | 0x01b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b20000 | 0x01b20000 | 0x01b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b30000 | 0x01b30000 | 0x01b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b40000 | 0x01b40000 | 0x01b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b50000 | 0x01b50000 | 0x01b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b60000 | 0x01b60000 | 0x01b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b70000 | 0x01b70000 | 0x01b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b80000 | 0x01b80000 | 0x01b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b90000 | 0x01b90000 | 0x01b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ba0000 | 0x01ba0000 | 0x01ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001bb0000 | 0x01bb0000 | 0x01bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001bc0000 | 0x01bc0000 | 0x01bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001bd0000 | 0x01bd0000 | 0x01bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001be0000 | 0x01be0000 | 0x01be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001bf0000 | 0x01bf0000 | 0x01bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c00000 | 0x01c00000 | 0x01c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c10000 | 0x01c10000 | 0x01c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c20000 | 0x01c20000 | 0x01c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c30000 | 0x01c30000 | 0x01c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c40000 | 0x01c40000 | 0x01c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c50000 | 0x01c50000 | 0x01c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c60000 | 0x01c60000 | 0x01c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c70000 | 0x01c70000 | 0x01c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c80000 | 0x01c80000 | 0x01c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c90000 | 0x01c90000 | 0x01c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ca0000 | 0x01ca0000 | 0x01ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001cb0000 | 0x01cb0000 | 0x01cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001cc0000 | 0x01cc0000 | 0x01cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001cd0000 | 0x01cd0000 | 0x01cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ce0000 | 0x01ce0000 | 0x01ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001cf0000 | 0x01cf0000 | 0x01cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d00000 | 0x01d00000 | 0x01d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d10000 | 0x01d10000 | 0x01d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d20000 | 0x01d20000 | 0x01d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d30000 | 0x01d30000 | 0x01d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d40000 | 0x01d40000 | 0x01d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d50000 | 0x01d50000 | 0x01d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d60000 | 0x01d60000 | 0x01d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d70000 | 0x01d70000 | 0x01d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d80000 | 0x01d80000 | 0x01d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d90000 | 0x01d90000 | 0x01d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001da0000 | 0x01da0000 | 0x01da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001db0000 | 0x01db0000 | 0x01db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001dc0000 | 0x01dc0000 | 0x01dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001dd0000 | 0x01dd0000 | 0x01dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001de0000 | 0x01de0000 | 0x01de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001df0000 | 0x01df0000 | 0x01df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e00000 | 0x01e00000 | 0x01e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e10000 | 0x01e10000 | 0x01e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e20000 | 0x01e20000 | 0x01e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e30000 | 0x01e30000 | 0x01e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e40000 | 0x01e40000 | 0x01e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e50000 | 0x01e50000 | 0x01e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e60000 | 0x01e60000 | 0x01e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e70000 | 0x01e70000 | 0x01e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e80000 | 0x01e80000 | 0x01e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e90000 | 0x01e90000 | 0x01e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ea0000 | 0x01ea0000 | 0x01ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001eb0000 | 0x01eb0000 | 0x01eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ec0000 | 0x01ec0000 | 0x01ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ed0000 | 0x01ed0000 | 0x01ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ee0000 | 0x01ee0000 | 0x01ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ef0000 | 0x01ef0000 | 0x01ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f00000 | 0x01f00000 | 0x01f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f10000 | 0x01f10000 | 0x01f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f20000 | 0x01f20000 | 0x01f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f30000 | 0x01f30000 | 0x01f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f40000 | 0x01f40000 | 0x01f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f50000 | 0x01f50000 | 0x01f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f60000 | 0x01f60000 | 0x01f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f70000 | 0x01f70000 | 0x01f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f80000 | 0x01f80000 | 0x01f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f90000 | 0x01f90000 | 0x01f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001fa0000 | 0x01fa0000 | 0x01fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001fb0000 | 0x01fb0000 | 0x01fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001fc0000 | 0x01fc0000 | 0x01fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001fd0000 | 0x01fd0000 | 0x01fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001fe0000 | 0x01fe0000 | 0x01fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ff0000 | 0x01ff0000 | 0x01ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002000000 | 0x02000000 | 0x02000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002010000 | 0x02010000 | 0x02010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002020000 | 0x02020000 | 0x02020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002030000 | 0x02030000 | 0x02030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002040000 | 0x02040000 | 0x02040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002050000 | 0x02050000 | 0x02050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002060000 | 0x02060000 | 0x02060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002070000 | 0x02070000 | 0x02070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002080000 | 0x02080000 | 0x02080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002090000 | 0x02090000 | 0x02090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000020a0000 | 0x020a0000 | 0x020a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000020b0000 | 0x020b0000 | 0x020b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000020c0000 | 0x020c0000 | 0x020c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000020d0000 | 0x020d0000 | 0x020d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000020e0000 | 0x020e0000 | 0x020e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000020f0000 | 0x020f0000 | 0x020f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002100000 | 0x02100000 | 0x02100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002110000 | 0x02110000 | 0x02110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002120000 | 0x02120000 | 0x02120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002130000 | 0x02130000 | 0x02130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002140000 | 0x02140000 | 0x02140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002150000 | 0x02150000 | 0x02150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002160000 | 0x02160000 | 0x02160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002170000 | 0x02170000 | 0x02170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002180000 | 0x02180000 | 0x02180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002190000 | 0x02190000 | 0x02190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000021a0000 | 0x021a0000 | 0x021a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000021b0000 | 0x021b0000 | 0x021b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000021c0000 | 0x021c0000 | 0x021c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000021d0000 | 0x021d0000 | 0x021d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000021e0000 | 0x021e0000 | 0x021e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000021f0000 | 0x021f0000 | 0x021f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002200000 | 0x02200000 | 0x02200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002210000 | 0x02210000 | 0x02210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002220000 | 0x02220000 | 0x02220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002230000 | 0x02230000 | 0x02230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002240000 | 0x02240000 | 0x02240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002250000 | 0x02250000 | 0x02250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002260000 | 0x02260000 | 0x02260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002270000 | 0x02270000 | 0x02270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002280000 | 0x02280000 | 0x02280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002290000 | 0x02290000 | 0x02290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000022a0000 | 0x022a0000 | 0x022a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000022b0000 | 0x022b0000 | 0x022b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000022c0000 | 0x022c0000 | 0x022c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000022d0000 | 0x022d0000 | 0x022d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000022e0000 | 0x022e0000 | 0x022e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000022f0000 | 0x022f0000 | 0x022f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002300000 | 0x02300000 | 0x02300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002310000 | 0x02310000 | 0x02310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002320000 | 0x02320000 | 0x02320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002330000 | 0x02330000 | 0x02330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002340000 | 0x02340000 | 0x02340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002350000 | 0x02350000 | 0x02350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002360000 | 0x02360000 | 0x02360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002370000 | 0x02370000 | 0x02370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002380000 | 0x02380000 | 0x02380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002390000 | 0x02390000 | 0x02390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000023a0000 | 0x023a0000 | 0x023a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000023b0000 | 0x023b0000 | 0x023b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000023c0000 | 0x023c0000 | 0x023c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000023d0000 | 0x023d0000 | 0x023d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000023e0000 | 0x023e0000 | 0x023e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000023f0000 | 0x023f0000 | 0x023f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002400000 | 0x02400000 | 0x02400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002410000 | 0x02410000 | 0x02410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002420000 | 0x02420000 | 0x02420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002430000 | 0x02430000 | 0x02430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002440000 | 0x02440000 | 0x02440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002450000 | 0x02450000 | 0x02450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002460000 | 0x02460000 | 0x02460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002470000 | 0x02470000 | 0x02470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002480000 | 0x02480000 | 0x02480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002490000 | 0x02490000 | 0x02490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000024a0000 | 0x024a0000 | 0x024a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000024b0000 | 0x024b0000 | 0x024b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000024c0000 | 0x024c0000 | 0x024c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000024d0000 | 0x024d0000 | 0x024d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000024e0000 | 0x024e0000 | 0x024e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000024f0000 | 0x024f0000 | 0x024f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002500000 | 0x02500000 | 0x02500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002510000 | 0x02510000 | 0x02510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002520000 | 0x02520000 | 0x02520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002530000 | 0x02530000 | 0x02530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002540000 | 0x02540000 | 0x02540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002550000 | 0x02550000 | 0x02550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002560000 | 0x02560000 | 0x02560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002570000 | 0x02570000 | 0x02570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002580000 | 0x02580000 | 0x02580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002590000 | 0x02590000 | 0x02590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000025a0000 | 0x025a0000 | 0x025a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000025b0000 | 0x025b0000 | 0x025b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000025c0000 | 0x025c0000 | 0x025c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000025d0000 | 0x025d0000 | 0x025d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000025e0000 | 0x025e0000 | 0x025e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000025f0000 | 0x025f0000 | 0x025f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002600000 | 0x02600000 | 0x02600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002610000 | 0x02610000 | 0x02610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002620000 | 0x02620000 | 0x02620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002630000 | 0x02630000 | 0x02630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002640000 | 0x02640000 | 0x02640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002650000 | 0x02650000 | 0x02650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002660000 | 0x02660000 | 0x02660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002670000 | 0x02670000 | 0x02670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002680000 | 0x02680000 | 0x02680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002690000 | 0x02690000 | 0x02690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000026a0000 | 0x026a0000 | 0x026a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000026b0000 | 0x026b0000 | 0x026b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000026c0000 | 0x026c0000 | 0x026c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000026d0000 | 0x026d0000 | 0x026d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000026e0000 | 0x026e0000 | 0x026e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000026f0000 | 0x026f0000 | 0x026f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002700000 | 0x02700000 | 0x02700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002710000 | 0x02710000 | 0x02710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002720000 | 0x02720000 | 0x02720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002730000 | 0x02730000 | 0x02730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002740000 | 0x02740000 | 0x02740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002750000 | 0x02750000 | 0x02750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002760000 | 0x02760000 | 0x02760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002770000 | 0x02770000 | 0x02770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002780000 | 0x02780000 | 0x02780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002790000 | 0x02790000 | 0x02790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000027a0000 | 0x027a0000 | 0x027a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000027b0000 | 0x027b0000 | 0x027b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000027c0000 | 0x027c0000 | 0x027c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000027d0000 | 0x027d0000 | 0x027d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000027e0000 | 0x027e0000 | 0x027e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000027f0000 | 0x027f0000 | 0x027f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002800000 | 0x02800000 | 0x02800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002810000 | 0x02810000 | 0x02810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002820000 | 0x02820000 | 0x02820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002830000 | 0x02830000 | 0x02830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002840000 | 0x02840000 | 0x02840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002850000 | 0x02850000 | 0x02850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002860000 | 0x02860000 | 0x02860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002870000 | 0x02870000 | 0x02870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002880000 | 0x02880000 | 0x02880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002890000 | 0x02890000 | 0x02890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000028a0000 | 0x028a0000 | 0x028a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000028b0000 | 0x028b0000 | 0x028b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000028c0000 | 0x028c0000 | 0x028c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000028d0000 | 0x028d0000 | 0x028d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000028e0000 | 0x028e0000 | 0x028e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000028f0000 | 0x028f0000 | 0x028f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002900000 | 0x02900000 | 0x02900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002910000 | 0x02910000 | 0x02910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002920000 | 0x02920000 | 0x02920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002930000 | 0x02930000 | 0x02930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002940000 | 0x02940000 | 0x02940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002950000 | 0x02950000 | 0x02950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002960000 | 0x02960000 | 0x02960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002970000 | 0x02970000 | 0x02970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002980000 | 0x02980000 | 0x02980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002990000 | 0x02990000 | 0x02990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000029a0000 | 0x029a0000 | 0x029a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000029b0000 | 0x029b0000 | 0x029b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000029c0000 | 0x029c0000 | 0x029c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000029d0000 | 0x029d0000 | 0x029d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000029e0000 | 0x029e0000 | 0x029e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000029f0000 | 0x029f0000 | 0x029f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a00000 | 0x02a00000 | 0x02a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a10000 | 0x02a10000 | 0x02a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a20000 | 0x02a20000 | 0x02a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a30000 | 0x02a30000 | 0x02a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a40000 | 0x02a40000 | 0x02a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a50000 | 0x02a50000 | 0x02a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a60000 | 0x02a60000 | 0x02a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a70000 | 0x02a70000 | 0x02a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a80000 | 0x02a80000 | 0x02a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002a90000 | 0x02a90000 | 0x02a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002aa0000 | 0x02aa0000 | 0x02aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ab0000 | 0x02ab0000 | 0x02ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ac0000 | 0x02ac0000 | 0x02ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ad0000 | 0x02ad0000 | 0x02ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ae0000 | 0x02ae0000 | 0x02ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002af0000 | 0x02af0000 | 0x02af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b00000 | 0x02b00000 | 0x02b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b10000 | 0x02b10000 | 0x02b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b20000 | 0x02b20000 | 0x02b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b30000 | 0x02b30000 | 0x02b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b40000 | 0x02b40000 | 0x02b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b50000 | 0x02b50000 | 0x02b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b60000 | 0x02b60000 | 0x02b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b70000 | 0x02b70000 | 0x02b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b80000 | 0x02b80000 | 0x02b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002b90000 | 0x02b90000 | 0x02b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ba0000 | 0x02ba0000 | 0x02ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002bb0000 | 0x02bb0000 | 0x02bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002bc0000 | 0x02bc0000 | 0x02bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002bd0000 | 0x02bd0000 | 0x02bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002be0000 | 0x02be0000 | 0x02be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002bf0000 | 0x02bf0000 | 0x02bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c00000 | 0x02c00000 | 0x02c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c10000 | 0x02c10000 | 0x02c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c20000 | 0x02c20000 | 0x02c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c30000 | 0x02c30000 | 0x02c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c40000 | 0x02c40000 | 0x02c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c50000 | 0x02c50000 | 0x02c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c60000 | 0x02c60000 | 0x02c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c70000 | 0x02c70000 | 0x02c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c80000 | 0x02c80000 | 0x02c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002c90000 | 0x02c90000 | 0x02c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ca0000 | 0x02ca0000 | 0x02ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002cb0000 | 0x02cb0000 | 0x02cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002cc0000 | 0x02cc0000 | 0x02cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002cd0000 | 0x02cd0000 | 0x02cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002ce0000 | 0x02ce0000 | 0x02ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002cf0000 | 0x02cf0000 | 0x02cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d00000 | 0x02d00000 | 0x02d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d10000 | 0x02d10000 | 0x02d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d20000 | 0x02d20000 | 0x02d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d30000 | 0x02d30000 | 0x02d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002d40000 | 0x02d40000 | 0x02d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007fabd000 | 0x7fabd000 | 0x7fabdfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x0000006f0d4b0000 | 0x6f0d4b0000 | 0x6f0d4cffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000006f0d4d0000 | 0x6f0d4d0000 | 0x6f0d4e3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000006f0d4f0000 | 0x6f0d4f0000 | 0x6f0d5effff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000006f0d5f0000 | 0x6f0d5f0000 | 0x6f0d5f3fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000006f0d600000 | 0x6f0d600000 | 0x6f0d600fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000006f0d610000 | 0x6f0d610000 | 0x6f0d611fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ffa50000 | 0x7df5ffa50000 | 0x7ff5ffa4ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fd2e0000 | 0x7ff7fd2e0000 | 0x7ff7fd302fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fd306000 | 0x7ff7fd306000 | 0x7ff7fd306fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fd30e000 | 0x7ff7fd30e000 | 0x7ff7fd30ffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x4b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x4c0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x4d0000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x4e0000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x4f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x500000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x510000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x520000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x530000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x540000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x550000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x560000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x570000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x580000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x5a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x5b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x5c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x5e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x5f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x600000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x620000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x630000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x640000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x660000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x670000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x680000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x6a0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x6b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x6c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x6e0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x6f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x700000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x720000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x730000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x740000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x760000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x770000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x780000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x7a0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x7b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x7c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x7e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x7f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x800000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x820000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x830000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x840000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x860000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x870000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x880000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x890000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x8a0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x8b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x8c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x8d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x8e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x8f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x900000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x910000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x920000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x930000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x940000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x950000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x960000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x970000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x980000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x990000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x9a0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x9b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x9c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x9d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x9e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x9f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xa00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xa10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xa20000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xa30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xa40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xa50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xa60000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xa70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xa80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xaa0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xab0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xad0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xae0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xaf0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xb10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xb20000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xb30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xb40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xb50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xb70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xb80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xb90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xbb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xbc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xbd0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xbf0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xc00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xc10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xc30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xc40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xc50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xc70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xc80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xc90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xcb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xcc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xcd0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xcf0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xd00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xd10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xd30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xd40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xd50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xd60000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xd70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xd80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xd90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xda0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xdb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xdc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xde0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xdf0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xe00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xe20000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xe30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xe40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xe60000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xe70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xe80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xea0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xeb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xec0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xee0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xef0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xf00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xf20000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xf30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xf40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xf50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xf60000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xf70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xf80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xf90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xfa0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xfb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xfc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xfd0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xfe0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0xff0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1000000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1010000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1020000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1030000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1040000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1050000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1060000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1070000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1080000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1090000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x10a0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x10b0000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x10c0000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x10d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x10e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x10f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1100000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1110000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1120000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1130000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1140000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1150000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1160000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1170000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1180000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1190000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x11a0000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x11b0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x11c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x11d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x11e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x11f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1200000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1210000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1220000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1230000, size = 18 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1240000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1250000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1260000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1270000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1280000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1290000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x12a0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x12b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x12c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x12d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x12e0000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x12f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1300000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1310000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1330000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1340000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1360000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1370000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1380000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1390000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x13a0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x13b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x13c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x13d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x13e0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x13f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1400000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1410000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1420000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1430000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1440000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1450000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1460000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1470000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1480000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1490000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x14b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x14c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x14d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x14f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1500000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1510000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1530000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1540000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1550000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1570000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1580000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1590000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x15a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x15b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x15c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x15d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x15e0000, size = 22 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x15f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1600000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1610000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1620000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1630000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1640000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1650000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1660000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1670000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1680000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1690000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x16a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x16b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x16c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x16d0000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x16e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1700000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1710000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1720000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1740000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1750000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1760000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1780000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1790000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x17a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x17c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x17d0000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x17e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1800000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1810000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1820000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1840000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1850000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1860000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1880000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1890000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x18a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x18b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x18d0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x18e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x18f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1910000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1920000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1930000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1950000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1960000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1970000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1990000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x19a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x19b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x19d0000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x19e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x19f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1a10000, size = 6 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1a20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1a30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1a40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1a50000, size = 18 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1a60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1a70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1a80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1a90000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1aa0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1ab0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1ac0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1ad0000, size = 24 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1ae0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1af0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1b00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1b10000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1b20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1b30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1b40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1b50000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1b60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1b70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1b80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1b90000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1ba0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1bb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1bc0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1bd0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1be0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1bf0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1c10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1c20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1c30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1c50000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1c60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1c80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1c90000, size = 18 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1ca0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1cc0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1cd0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1ce0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1d00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1d10000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1d30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1d40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1d50000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1d70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1d80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1d90000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1db0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1dc0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1dd0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1df0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1e00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1e10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1e30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1e40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1e50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1e70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1e80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1e90000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1eb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1ec0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1ed0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1ee0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1ef0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1f00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1f10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1f20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1f30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1f40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1f50000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1f60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1f70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1f80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1f90000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1fa0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1fb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1fd0000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1fe0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x1ff0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2010000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2020000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2030000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2040000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2050000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2060000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2070000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2080000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2090000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x20a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x20b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x20c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x20d0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x20e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x20f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2110000, size = 22 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2120000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2130000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2150000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2160000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2170000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2190000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x21a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x21b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x21d0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x21e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x21f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2210000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2220000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2230000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2250000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2260000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2270000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2290000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x22a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x22b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x22d0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x22e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x22f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2310000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2320000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2330000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2340000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2350000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2360000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2370000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2380000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x23a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x23c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x23e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x23f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2400000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2410000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2430000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2460000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2470000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2480000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x24a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x24b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x24c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x24d0000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x24e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x24f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2500000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2510000, size = 18 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2520000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2530000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2540000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2550000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2560000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2570000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2590000, size = 24 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x25a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x25b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x25d0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x25e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x25f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2610000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2620000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2630000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2640000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2650000, size = 18 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2660000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2670000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2680000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2690000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x26a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x26b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x26c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x26d0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x26e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x26f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2700000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2710000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2720000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2730000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2740000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2750000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2760000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2770000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2780000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2790000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x27a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x27b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x27d0000, size = 24 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x27f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2800000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2810000, size = 22 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2820000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2840000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2850000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2860000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2870000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2880000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2890000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x28a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x28b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x28c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x28d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x28e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x28f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2900000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2910000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2920000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2930000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2940000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2950000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2960000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2970000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2980000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2990000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x29a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x29b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x29d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x29e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x29f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2a10000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2a20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2a30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2a50000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2a70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2a80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2aa0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2ab0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2ac0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2ad0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2ae0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2af0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2b00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2b10000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2b20000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2b30000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2b50000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2b60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2b70000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2b80000, size = 18 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2b90000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2ba0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2bb0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2bc0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2bd0000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2be0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2bf0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2c00000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2c10000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2c20000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2c30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2c40000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2c50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2c60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2c70000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2c80000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2c90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2ca0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2cb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2cc0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2cd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2ce0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2cf0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2d00000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2d10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2d20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2d30000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11e8 | address = 0x2d40000, size = 10 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #11 / 0x120c |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:01:24, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:11 |
| OS Thread IDs | #427 0x1210 #428 0x1214 |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x0003ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Private Memory | Readable, Writable | | | | |
| locale.nls | 0x001c0000 | 0x0027dfff | Memory Mapped File | Readable | | | | |
| private_0x0000000000280000 | 0x00280000 | 0x002bffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000002c0000 | 0x002c0000 | 0x002cffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000002d0000 | 0x002d0000 | 0x003cffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000003d0000 | 0x003d0000 | 0x003d0fff | Private Memory | Readable, Writable | | | | |
| private_0x00000000003e0000 | 0x003e0000 | 0x003e0fff | Private Memory | Readable, Writable | | | | |
| svhost.exe | 0x00400000 | 0x0057afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x0000000000630000 | 0x00630000 | 0x0072ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000730000 | 0x00730000 | 0x008b7fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x00000000008c0000 | 0x008c0000 | 0x00a40fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000a50000 | 0x00a50000 | 0x01e4ffff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000001e50000 | 0x01e50000 | 0x01f4ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000001fe0000 | 0x01fe0000 | 0x020dffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | - | | | | |
| wow64.dll | 0x53cc0000 | 0x53d0efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64cpu.dll | 0x53d10000 | 0x53d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64win.dll | 0x53d20000 | 0x53d92fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntmarta.dll | 0x74ca0000 | 0x74cc7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasman.dll | 0x74cd0000 | 0x74cf2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasapi32.dll | 0x74d00000 | 0x74da3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pstorec.dll | 0x74db0000 | 0x74db7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| apphelp.dll | 0x74dc0000 | 0x74e50fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bcryptprimitives.dll | 0x74e60000 | 0x74eb8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cryptbase.dll | 0x74ec0000 | 0x74ec9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sspicli.dll | 0x74ed0000 | 0x74eedfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcrt.dll | 0x74ef0000 | 0x74fadfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| advapi32.dll | 0x74fb0000 | 0x7502afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| oleaut32.dll | 0x75030000 | 0x750c1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| powrprof.dll | 0x75280000 | 0x752c3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| KernelBase.dll | 0x752e0000 | 0x75455fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| imm32.dll | 0x75460000 | 0x7548afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| combase.dll | 0x75490000 | 0x75649fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel32.dll | 0x75650000 | 0x7573ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| gdi32.dll | 0x75790000 | 0x758dcfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SHCore.dll | 0x75aa0000 | 0x75b2cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| crypt32.dll | 0x75bf0000 | 0x75d64fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| profapi.dll | 0x75d70000 | 0x75d7efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msasn1.dll | 0x75d80000 | 0x75d8dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msctf.dll | 0x75d90000 | 0x75eaffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sechost.dll | 0x75eb0000 | 0x75ef2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| user32.dll | 0x75f10000 | 0x7604ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel.appcore.dll | 0x76290000 | 0x7629bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shlwapi.dll | 0x762a0000 | 0x762e3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| windows.storage.dll | 0x76380000 | 0x7685cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rpcrt4.dll | 0x76860000 | 0x7690bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shell32.dll | 0x76910000 | 0x77ccefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ole32.dll | 0x77cd0000 | 0x77db9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x77dc0000 | 0x77f38fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffb1ddcffff | Private Memory | Readable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x00007ffb1df92000 | 0x7ffb1df92000 | 0x7ffffffeffff | Private Memory | Readable | | | | |
| Category | Operation | Information | Success | Count | Logfile | |
|---|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | ||
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | ||
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | ||
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | ||
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | ||
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | ||
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | ||
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | ||
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | ||
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x120c | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | ||
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | ||
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | ||
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | ||
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | ||
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | ||
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | ||
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | ||
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | ||
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | ||
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x121c, os_pid = 0x1218, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | ||
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | ||
| MEM | ALLOC | address = 0x480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x4a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x4a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 210 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x1218, proc_address = 0x4a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x4b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x4b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 19 | | 1 | ||
| MEM | ALLOC | address = 0x4c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x4c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x4d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x4d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x4e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x4e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x4e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x4f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x4f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 21 | | 1 | ||
| MEM | ALLOC | address = 0x500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x520000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 21 | | 1 | ||
| MEM | ALLOC | address = 0x540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x560000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x5a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x5a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x5a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x5b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x5b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x5c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x5c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x5d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x5d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x5e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x5e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x5e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x5f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x5f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 9 | | 1 | ||
| MEM | ALLOC | address = 0x600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x620000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x660000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x6a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 16 | | 1 | ||
| MEM | ALLOC | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x6e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 16 | | 1 | ||
| MEM | ALLOC | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x720000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x760000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x7a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x7b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x7c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x7d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x7e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x7e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x7f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x7f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x820000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x860000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x8a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x8e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x920000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 25 | | 1 | ||
| MEM | ALLOC | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x960000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x9a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x9e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0xa20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 9 | | 1 | ||
| MEM | ALLOC | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0xa60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0xaa0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0xae0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0xb20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0xb60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0xba0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0xbe0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0xc20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 16 | | 1 | ||
| MEM | ALLOC | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0xc60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0xca0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0xce0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 8, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 8 | | 1 | ||
| MEM | ALLOC | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0xd20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 9 | | 1 | ||
| MEM | ALLOC | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0xd60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0xda0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 11 | | 1 | ||
| MEM | ALLOC | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0xde0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 17, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 17 | | 1 | ||
| MEM | ALLOC | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0xe20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 19 | | 1 | ||
| MEM | ALLOC | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0xe60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0xea0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 9 | | 1 | ||
| MEM | ALLOC | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0xee0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0xf20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0xf60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0xfa0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | ||
| MEM | ALLOC | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 11 | | 1 | ||
| MEM | ALLOC | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 210 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x1218, proc_address = 0xfd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 11 | | 1 | ||
| MEM | ALLOC | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x1010000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 11 | | 1 | ||
| MEM | ALLOC | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x1050000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | ||
| MEM | ALLOC | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 210 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x1218, proc_address = 0x1080000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 17, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 17 | | 1 | ||
| MEM | ALLOC | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x10c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x1100000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x1140000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | ||
| MEM | ALLOC | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 210 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x1218, proc_address = 0x1170000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x11b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x11f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x11f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x11f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 18, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 18 | | 1 | ||
| MEM | ALLOC | address = 0x1210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x1230000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | ||
| MEM | ALLOC | address = 0x1240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x1260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 210 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x1218, proc_address = 0x1260000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x1280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x12a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x12a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x12a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x12b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 17, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x12b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 17 | | 1 | ||
| MEM | ALLOC | address = 0x12c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x12c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x12d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x12d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x12e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x12e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x12e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x12f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x12f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0x1300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x1320000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x1340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x1360000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0x1380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x13a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x13a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x13a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x13b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x13b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0x13c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x13c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x13d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x13d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x13e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x13e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1218, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1218, proc_address = 0x13e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| For performance reasons, the remaining 770 entries are omitted. Click to download all 1770 entries as text file (1.49 MB). | ||||||
| Information | Value |
|---|---|
| ID / OS PID | #12 / 0x1218 |
| OS Parent PID | 0x120c (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:01:27, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:08 |
| OS Thread IDs | #429 0x121C |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000480000 | 0x00480000 | 0x00480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000490000 | 0x00490000 | 0x00490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004a0000 | 0x004a0000 | 0x004a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004b0000 | 0x004b0000 | 0x004b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004c0000 | 0x004c0000 | 0x004c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004d0000 | 0x004d0000 | 0x004d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004e0000 | 0x004e0000 | 0x004e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004f0000 | 0x004f0000 | 0x004f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000500000 | 0x00500000 | 0x00500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000510000 | 0x00510000 | 0x00510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000520000 | 0x00520000 | 0x00520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000530000 | 0x00530000 | 0x00530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000540000 | 0x00540000 | 0x00540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000550000 | 0x00550000 | 0x00550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000560000 | 0x00560000 | 0x00560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000570000 | 0x00570000 | 0x00570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000580000 | 0x00580000 | 0x00580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000590000 | 0x00590000 | 0x00590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005a0000 | 0x005a0000 | 0x005a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005b0000 | 0x005b0000 | 0x005b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005c0000 | 0x005c0000 | 0x005c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005d0000 | 0x005d0000 | 0x005d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005e0000 | 0x005e0000 | 0x005e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005f0000 | 0x005f0000 | 0x005f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000600000 | 0x00600000 | 0x00600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000610000 | 0x00610000 | 0x00610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000620000 | 0x00620000 | 0x00620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000630000 | 0x00630000 | 0x00630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000640000 | 0x00640000 | 0x00640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000650000 | 0x00650000 | 0x00650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000660000 | 0x00660000 | 0x00660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000670000 | 0x00670000 | 0x00670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000680000 | 0x00680000 | 0x00680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000690000 | 0x00690000 | 0x00690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006a0000 | 0x006a0000 | 0x006a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006b0000 | 0x006b0000 | 0x006b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006c0000 | 0x006c0000 | 0x006c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006d0000 | 0x006d0000 | 0x006d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006e0000 | 0x006e0000 | 0x006e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006f0000 | 0x006f0000 | 0x006f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000700000 | 0x00700000 | 0x00700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000710000 | 0x00710000 | 0x00710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000720000 | 0x00720000 | 0x00720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000730000 | 0x00730000 | 0x00730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000740000 | 0x00740000 | 0x00740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000750000 | 0x00750000 | 0x00750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000760000 | 0x00760000 | 0x00760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000770000 | 0x00770000 | 0x00770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000780000 | 0x00780000 | 0x00780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000790000 | 0x00790000 | 0x00790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007a0000 | 0x007a0000 | 0x007a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007b0000 | 0x007b0000 | 0x007b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007c0000 | 0x007c0000 | 0x007c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007d0000 | 0x007d0000 | 0x007d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007e0000 | 0x007e0000 | 0x007e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007f0000 | 0x007f0000 | 0x007f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000800000 | 0x00800000 | 0x00800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000810000 | 0x00810000 | 0x00810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000820000 | 0x00820000 | 0x00820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000830000 | 0x00830000 | 0x00830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000840000 | 0x00840000 | 0x00840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000850000 | 0x00850000 | 0x00850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000860000 | 0x00860000 | 0x00860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000870000 | 0x00870000 | 0x00870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000880000 | 0x00880000 | 0x00880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000890000 | 0x00890000 | 0x00890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008a0000 | 0x008a0000 | 0x008a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008b0000 | 0x008b0000 | 0x008b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008c0000 | 0x008c0000 | 0x008c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008d0000 | 0x008d0000 | 0x008d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008e0000 | 0x008e0000 | 0x008e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008f0000 | 0x008f0000 | 0x008f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000900000 | 0x00900000 | 0x00900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000910000 | 0x00910000 | 0x00910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000920000 | 0x00920000 | 0x00920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000930000 | 0x00930000 | 0x00930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000940000 | 0x00940000 | 0x00940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000950000 | 0x00950000 | 0x00950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000960000 | 0x00960000 | 0x00960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000970000 | 0x00970000 | 0x00970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000980000 | 0x00980000 | 0x00980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000990000 | 0x00990000 | 0x00990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009a0000 | 0x009a0000 | 0x009a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009b0000 | 0x009b0000 | 0x009b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009c0000 | 0x009c0000 | 0x009c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009d0000 | 0x009d0000 | 0x009d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009e0000 | 0x009e0000 | 0x009e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009f0000 | 0x009f0000 | 0x009f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a00000 | 0x00a00000 | 0x00a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a10000 | 0x00a10000 | 0x00a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a20000 | 0x00a20000 | 0x00a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a30000 | 0x00a30000 | 0x00a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a40000 | 0x00a40000 | 0x00a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a50000 | 0x00a50000 | 0x00a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a60000 | 0x00a60000 | 0x00a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a70000 | 0x00a70000 | 0x00a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a80000 | 0x00a80000 | 0x00a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a90000 | 0x00a90000 | 0x00a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000aa0000 | 0x00aa0000 | 0x00aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ab0000 | 0x00ab0000 | 0x00ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ac0000 | 0x00ac0000 | 0x00ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ad0000 | 0x00ad0000 | 0x00ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ae0000 | 0x00ae0000 | 0x00ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000af0000 | 0x00af0000 | 0x00af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b00000 | 0x00b00000 | 0x00b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b10000 | 0x00b10000 | 0x00b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b20000 | 0x00b20000 | 0x00b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b30000 | 0x00b30000 | 0x00b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b40000 | 0x00b40000 | 0x00b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b50000 | 0x00b50000 | 0x00b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b60000 | 0x00b60000 | 0x00b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b70000 | 0x00b70000 | 0x00b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b80000 | 0x00b80000 | 0x00b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b90000 | 0x00b90000 | 0x00b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ba0000 | 0x00ba0000 | 0x00ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bb0000 | 0x00bb0000 | 0x00bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bc0000 | 0x00bc0000 | 0x00bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bd0000 | 0x00bd0000 | 0x00bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000be0000 | 0x00be0000 | 0x00be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bf0000 | 0x00bf0000 | 0x00bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c00000 | 0x00c00000 | 0x00c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c10000 | 0x00c10000 | 0x00c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c20000 | 0x00c20000 | 0x00c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c30000 | 0x00c30000 | 0x00c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c40000 | 0x00c40000 | 0x00c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c50000 | 0x00c50000 | 0x00c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c60000 | 0x00c60000 | 0x00c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c70000 | 0x00c70000 | 0x00c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c80000 | 0x00c80000 | 0x00c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c90000 | 0x00c90000 | 0x00c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ca0000 | 0x00ca0000 | 0x00ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cb0000 | 0x00cb0000 | 0x00cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cc0000 | 0x00cc0000 | 0x00cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cd0000 | 0x00cd0000 | 0x00cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ce0000 | 0x00ce0000 | 0x00ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cf0000 | 0x00cf0000 | 0x00cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d00000 | 0x00d00000 | 0x00d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d10000 | 0x00d10000 | 0x00d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d20000 | 0x00d20000 | 0x00d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d30000 | 0x00d30000 | 0x00d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d40000 | 0x00d40000 | 0x00d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d50000 | 0x00d50000 | 0x00d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d60000 | 0x00d60000 | 0x00d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d70000 | 0x00d70000 | 0x00d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d80000 | 0x00d80000 | 0x00d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d90000 | 0x00d90000 | 0x00d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000da0000 | 0x00da0000 | 0x00da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000db0000 | 0x00db0000 | 0x00db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dc0000 | 0x00dc0000 | 0x00dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dd0000 | 0x00dd0000 | 0x00dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000de0000 | 0x00de0000 | 0x00de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000df0000 | 0x00df0000 | 0x00df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e00000 | 0x00e00000 | 0x00e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e10000 | 0x00e10000 | 0x00e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e20000 | 0x00e20000 | 0x00e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e30000 | 0x00e30000 | 0x00e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e40000 | 0x00e40000 | 0x00e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e50000 | 0x00e50000 | 0x00e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e60000 | 0x00e60000 | 0x00e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e70000 | 0x00e70000 | 0x00e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e80000 | 0x00e80000 | 0x00e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e90000 | 0x00e90000 | 0x00e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ea0000 | 0x00ea0000 | 0x00ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000eb0000 | 0x00eb0000 | 0x00eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ec0000 | 0x00ec0000 | 0x00ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ed0000 | 0x00ed0000 | 0x00ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ee0000 | 0x00ee0000 | 0x00ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ef0000 | 0x00ef0000 | 0x00ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f00000 | 0x00f00000 | 0x00f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f10000 | 0x00f10000 | 0x00f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f20000 | 0x00f20000 | 0x00f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f30000 | 0x00f30000 | 0x00f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f40000 | 0x00f40000 | 0x00f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f50000 | 0x00f50000 | 0x00f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f60000 | 0x00f60000 | 0x00f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f70000 | 0x00f70000 | 0x00f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f80000 | 0x00f80000 | 0x00f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f90000 | 0x00f90000 | 0x00f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fa0000 | 0x00fa0000 | 0x00fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fb0000 | 0x00fb0000 | 0x00fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fc0000 | 0x00fc0000 | 0x00fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fd0000 | 0x00fd0000 | 0x00fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fe0000 | 0x00fe0000 | 0x00fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ff0000 | 0x00ff0000 | 0x00ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001000000 | 0x01000000 | 0x01000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001010000 | 0x01010000 | 0x01010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001020000 | 0x01020000 | 0x01020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001030000 | 0x01030000 | 0x01030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001040000 | 0x01040000 | 0x01040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001050000 | 0x01050000 | 0x01050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001060000 | 0x01060000 | 0x01060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001070000 | 0x01070000 | 0x01070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001080000 | 0x01080000 | 0x01080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001090000 | 0x01090000 | 0x01090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010a0000 | 0x010a0000 | 0x010a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010b0000 | 0x010b0000 | 0x010b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010c0000 | 0x010c0000 | 0x010c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010d0000 | 0x010d0000 | 0x010d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010e0000 | 0x010e0000 | 0x010e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010f0000 | 0x010f0000 | 0x010f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001100000 | 0x01100000 | 0x01100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001110000 | 0x01110000 | 0x01110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001120000 | 0x01120000 | 0x01120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001130000 | 0x01130000 | 0x01130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001140000 | 0x01140000 | 0x01140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001150000 | 0x01150000 | 0x01150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001160000 | 0x01160000 | 0x01160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001170000 | 0x01170000 | 0x01170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001180000 | 0x01180000 | 0x01180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001190000 | 0x01190000 | 0x01190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011a0000 | 0x011a0000 | 0x011a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011b0000 | 0x011b0000 | 0x011b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011c0000 | 0x011c0000 | 0x011c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011d0000 | 0x011d0000 | 0x011d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011e0000 | 0x011e0000 | 0x011e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011f0000 | 0x011f0000 | 0x011f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001200000 | 0x01200000 | 0x01200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001210000 | 0x01210000 | 0x01210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001220000 | 0x01220000 | 0x01220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001230000 | 0x01230000 | 0x01230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001240000 | 0x01240000 | 0x01240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001250000 | 0x01250000 | 0x01250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001260000 | 0x01260000 | 0x01260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001270000 | 0x01270000 | 0x01270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001280000 | 0x01280000 | 0x01280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001290000 | 0x01290000 | 0x01290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012a0000 | 0x012a0000 | 0x012a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012b0000 | 0x012b0000 | 0x012b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012c0000 | 0x012c0000 | 0x012c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012d0000 | 0x012d0000 | 0x012d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012e0000 | 0x012e0000 | 0x012e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012f0000 | 0x012f0000 | 0x012f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001300000 | 0x01300000 | 0x01300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001310000 | 0x01310000 | 0x01310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001320000 | 0x01320000 | 0x01320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001330000 | 0x01330000 | 0x01330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001340000 | 0x01340000 | 0x01340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001350000 | 0x01350000 | 0x01350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001360000 | 0x01360000 | 0x01360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001370000 | 0x01370000 | 0x01370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001380000 | 0x01380000 | 0x01380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001390000 | 0x01390000 | 0x01390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013a0000 | 0x013a0000 | 0x013a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013b0000 | 0x013b0000 | 0x013b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013c0000 | 0x013c0000 | 0x013c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013d0000 | 0x013d0000 | 0x013d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013e0000 | 0x013e0000 | 0x013e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013f0000 | 0x013f0000 | 0x013f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001400000 | 0x01400000 | 0x01400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001410000 | 0x01410000 | 0x01410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001420000 | 0x01420000 | 0x01420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001430000 | 0x01430000 | 0x01430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001440000 | 0x01440000 | 0x01440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001450000 | 0x01450000 | 0x01450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001460000 | 0x01460000 | 0x01460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001470000 | 0x01470000 | 0x01470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001480000 | 0x01480000 | 0x01480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001490000 | 0x01490000 | 0x01490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014a0000 | 0x014a0000 | 0x014a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014b0000 | 0x014b0000 | 0x014b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014c0000 | 0x014c0000 | 0x014c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014d0000 | 0x014d0000 | 0x014d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014e0000 | 0x014e0000 | 0x014e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014f0000 | 0x014f0000 | 0x014f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001500000 | 0x01500000 | 0x01500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001510000 | 0x01510000 | 0x01510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001520000 | 0x01520000 | 0x01520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001530000 | 0x01530000 | 0x01530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001540000 | 0x01540000 | 0x01540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001550000 | 0x01550000 | 0x01550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001560000 | 0x01560000 | 0x01560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001570000 | 0x01570000 | 0x01570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001580000 | 0x01580000 | 0x01580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001590000 | 0x01590000 | 0x01590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015a0000 | 0x015a0000 | 0x015a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015b0000 | 0x015b0000 | 0x015b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015c0000 | 0x015c0000 | 0x015c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015d0000 | 0x015d0000 | 0x015d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015e0000 | 0x015e0000 | 0x015e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015f0000 | 0x015f0000 | 0x015f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001600000 | 0x01600000 | 0x01600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001610000 | 0x01610000 | 0x01610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001620000 | 0x01620000 | 0x01620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001630000 | 0x01630000 | 0x01630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001640000 | 0x01640000 | 0x01640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001650000 | 0x01650000 | 0x01650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001660000 | 0x01660000 | 0x01660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001670000 | 0x01670000 | 0x01670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001680000 | 0x01680000 | 0x01680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001690000 | 0x01690000 | 0x01690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016a0000 | 0x016a0000 | 0x016a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016b0000 | 0x016b0000 | 0x016b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016c0000 | 0x016c0000 | 0x016c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016d0000 | 0x016d0000 | 0x016d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016e0000 | 0x016e0000 | 0x016e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016f0000 | 0x016f0000 | 0x016f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001700000 | 0x01700000 | 0x01700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001710000 | 0x01710000 | 0x01710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001720000 | 0x01720000 | 0x01720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001730000 | 0x01730000 | 0x01730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001740000 | 0x01740000 | 0x01740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001750000 | 0x01750000 | 0x01750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001760000 | 0x01760000 | 0x01760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001770000 | 0x01770000 | 0x01770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001780000 | 0x01780000 | 0x01780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001790000 | 0x01790000 | 0x01790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017a0000 | 0x017a0000 | 0x017a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017b0000 | 0x017b0000 | 0x017b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017c0000 | 0x017c0000 | 0x017c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017d0000 | 0x017d0000 | 0x017d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017e0000 | 0x017e0000 | 0x017e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017f0000 | 0x017f0000 | 0x017f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001800000 | 0x01800000 | 0x01800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001810000 | 0x01810000 | 0x01810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001820000 | 0x01820000 | 0x01820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001830000 | 0x01830000 | 0x01830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001840000 | 0x01840000 | 0x01840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001850000 | 0x01850000 | 0x01850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001860000 | 0x01860000 | 0x01860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001870000 | 0x01870000 | 0x01870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001880000 | 0x01880000 | 0x01880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001890000 | 0x01890000 | 0x01890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018a0000 | 0x018a0000 | 0x018a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018b0000 | 0x018b0000 | 0x018b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018c0000 | 0x018c0000 | 0x018c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018d0000 | 0x018d0000 | 0x018d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018e0000 | 0x018e0000 | 0x018e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018f0000 | 0x018f0000 | 0x018f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001900000 | 0x01900000 | 0x01900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001910000 | 0x01910000 | 0x01910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001920000 | 0x01920000 | 0x01920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001930000 | 0x01930000 | 0x01930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001940000 | 0x01940000 | 0x01940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001950000 | 0x01950000 | 0x01950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001960000 | 0x01960000 | 0x01960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001970000 | 0x01970000 | 0x01970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001980000 | 0x01980000 | 0x01980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001990000 | 0x01990000 | 0x01990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019a0000 | 0x019a0000 | 0x019a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019b0000 | 0x019b0000 | 0x019b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019c0000 | 0x019c0000 | 0x019c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019d0000 | 0x019d0000 | 0x019d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019e0000 | 0x019e0000 | 0x019e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019f0000 | 0x019f0000 | 0x019f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a00000 | 0x01a00000 | 0x01a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a10000 | 0x01a10000 | 0x01a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a20000 | 0x01a20000 | 0x01a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a30000 | 0x01a30000 | 0x01a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a40000 | 0x01a40000 | 0x01a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a50000 | 0x01a50000 | 0x01a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a60000 | 0x01a60000 | 0x01a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a70000 | 0x01a70000 | 0x01a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a80000 | 0x01a80000 | 0x01a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a90000 | 0x01a90000 | 0x01a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001aa0000 | 0x01aa0000 | 0x01aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ab0000 | 0x01ab0000 | 0x01ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ac0000 | 0x01ac0000 | 0x01ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ad0000 | 0x01ad0000 | 0x01ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ae0000 | 0x01ae0000 | 0x01ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001af0000 | 0x01af0000 | 0x01af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b00000 | 0x01b00000 | 0x01b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b10000 | 0x01b10000 | 0x01b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b20000 | 0x01b20000 | 0x01b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b30000 | 0x01b30000 | 0x01b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b40000 | 0x01b40000 | 0x01b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b50000 | 0x01b50000 | 0x01b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b60000 | 0x01b60000 | 0x01b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b70000 | 0x01b70000 | 0x01b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b80000 | 0x01b80000 | 0x01b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b90000 | 0x01b90000 | 0x01b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ba0000 | 0x01ba0000 | 0x01ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001bb0000 | 0x01bb0000 | 0x01bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001bc0000 | 0x01bc0000 | 0x01bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001bd0000 | 0x01bd0000 | 0x01bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001be0000 | 0x01be0000 | 0x01be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001bf0000 | 0x01bf0000 | 0x01bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c00000 | 0x01c00000 | 0x01c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c10000 | 0x01c10000 | 0x01c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c20000 | 0x01c20000 | 0x01c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c30000 | 0x01c30000 | 0x01c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c40000 | 0x01c40000 | 0x01c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c50000 | 0x01c50000 | 0x01c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c60000 | 0x01c60000 | 0x01c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c70000 | 0x01c70000 | 0x01c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c80000 | 0x01c80000 | 0x01c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c90000 | 0x01c90000 | 0x01c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ca0000 | 0x01ca0000 | 0x01ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001cb0000 | 0x01cb0000 | 0x01cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001cc0000 | 0x01cc0000 | 0x01cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001cd0000 | 0x01cd0000 | 0x01cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ce0000 | 0x01ce0000 | 0x01ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001cf0000 | 0x01cf0000 | 0x01cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d00000 | 0x01d00000 | 0x01d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d10000 | 0x01d10000 | 0x01d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d20000 | 0x01d20000 | 0x01d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d30000 | 0x01d30000 | 0x01d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d40000 | 0x01d40000 | 0x01d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d50000 | 0x01d50000 | 0x01d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d60000 | 0x01d60000 | 0x01d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d70000 | 0x01d70000 | 0x01d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d80000 | 0x01d80000 | 0x01d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d90000 | 0x01d90000 | 0x01d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001da0000 | 0x01da0000 | 0x01da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001db0000 | 0x01db0000 | 0x01db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001dc0000 | 0x01dc0000 | 0x01dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001dd0000 | 0x01dd0000 | 0x01dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001de0000 | 0x01de0000 | 0x01de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001df0000 | 0x01df0000 | 0x01df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e00000 | 0x01e00000 | 0x01e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e10000 | 0x01e10000 | 0x01e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e20000 | 0x01e20000 | 0x01e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e30000 | 0x01e30000 | 0x01e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e40000 | 0x01e40000 | 0x01e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e50000 | 0x01e50000 | 0x01e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e60000 | 0x01e60000 | 0x01e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e70000 | 0x01e70000 | 0x01e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e80000 | 0x01e80000 | 0x01e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e90000 | 0x01e90000 | 0x01e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ea0000 | 0x01ea0000 | 0x01ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001eb0000 | 0x01eb0000 | 0x01eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ec0000 | 0x01ec0000 | 0x01ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ed0000 | 0x01ed0000 | 0x01ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ee0000 | 0x01ee0000 | 0x01ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ef0000 | 0x01ef0000 | 0x01ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f00000 | 0x01f00000 | 0x01f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f10000 | 0x01f10000 | 0x01f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f20000 | 0x01f20000 | 0x01f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f30000 | 0x01f30000 | 0x01f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f40000 | 0x01f40000 | 0x01f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f50000 | 0x01f50000 | 0x01f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f60000 | 0x01f60000 | 0x01f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f70000 | 0x01f70000 | 0x01f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f80000 | 0x01f80000 | 0x01f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f90000 | 0x01f90000 | 0x01f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001fa0000 | 0x01fa0000 | 0x01fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001fb0000 | 0x01fb0000 | 0x01fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001fc0000 | 0x01fc0000 | 0x01fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001fd0000 | 0x01fd0000 | 0x01fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001fe0000 | 0x01fe0000 | 0x01fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ff0000 | 0x01ff0000 | 0x01ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002000000 | 0x02000000 | 0x02000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002010000 | 0x02010000 | 0x02010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002020000 | 0x02020000 | 0x02020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002030000 | 0x02030000 | 0x02030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002040000 | 0x02040000 | 0x02040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002050000 | 0x02050000 | 0x02050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002060000 | 0x02060000 | 0x02060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002070000 | 0x02070000 | 0x02070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002080000 | 0x02080000 | 0x02080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000002090000 | 0x02090000 | 0x02090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000020a0000 | 0x020a0000 | 0x020a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000020b0000 | 0x020b0000 | 0x020b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f37a000 | 0x7f37a000 | 0x7f37afff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x0000003806480000 | 0x3806480000 | 0x380649ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000038064a0000 | 0x38064a0000 | 0x38064b3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000038064c0000 | 0x38064c0000 | 0x38065bffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000038065c0000 | 0x38065c0000 | 0x38065c3fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x00000038065d0000 | 0x38065d0000 | 0x38065d0fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000038065e0000 | 0x38065e0000 | 0x38065e1fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff9a0000 | 0x7df5ff9a0000 | 0x7ff5ff99ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fce80000 | 0x7ff7fce80000 | 0x7ff7fcea2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fcea5000 | 0x7ff7fcea5000 | 0x7ff7fcea5fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fceae000 | 0x7ff7fceae000 | 0x7ff7fceaffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x480000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x490000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x4a0000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x4b0000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x4c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x4d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x4e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x4f0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x500000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x510000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x520000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x530000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x540000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x550000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x560000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x570000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x580000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x590000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x5a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x5b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x5d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x5e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x5f0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x610000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x630000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x650000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x670000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x680000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x690000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x6a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x6b0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x6c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x6d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x6e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x6f0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x700000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x710000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x720000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x730000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x740000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x750000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x760000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x770000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x780000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x790000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x7a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x7b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x7c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x7d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x7e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x7f0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x810000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x820000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x830000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x850000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x860000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x870000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x890000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x8a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x8b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x8d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x8e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x8f0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x900000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x910000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x920000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x930000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x940000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x950000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x960000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x970000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x980000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x990000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x9a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x9b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x9c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x9d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x9e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x9f0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xa00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xa10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xa20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xa30000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xa40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xa50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xa60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xa70000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xa90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xaa0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xab0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xad0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xae0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xaf0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xb10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xb20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xb30000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xb50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xb60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xb70000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xb90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xba0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xbb0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xbd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xbe0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xbf0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xc00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xc10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xc30000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xc50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xc60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xc70000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xc90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xca0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xcb0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xcd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xce0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xcf0000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xd10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xd20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xd30000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xd50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xd60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xd70000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xd90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xda0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xdb0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xdd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xdf0000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xe10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xe30000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xe50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xe70000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xe90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xeb0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xec0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xed0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xef0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xf00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xf10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xf30000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xf40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xf60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xf70000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xf80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xfa0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xfb0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xfc0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xfe0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0xff0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1000000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1020000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1030000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1040000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1060000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1070000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1080000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1090000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x10a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x10b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x10c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x10d0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x10e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x10f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1100000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1110000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1120000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1130000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1140000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1150000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1160000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1170000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1180000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1190000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x11a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x11b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x11c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x11d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x11e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x11f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1200000, size = 18 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1210000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1220000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1230000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1240000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1250000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1260000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1280000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1290000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x12a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x12c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x12d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x12e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1300000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1310000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1320000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1340000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1350000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1360000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1380000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1390000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x13a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x13b0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x13c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x13d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x13e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x13f0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1400000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1410000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1420000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1430000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1440000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1450000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1460000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1480000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1490000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x14a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x14b0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x14c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x14d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x14e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x14f0000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1500000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1510000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1520000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1530000, size = 22 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1540000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1550000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1560000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1570000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1580000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1590000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x15a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x15b0000, size = 22 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x15c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x15d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x15e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x15f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1600000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1610000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1620000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1630000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1640000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1650000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1660000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1670000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1680000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1690000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x16a0000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x16b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x16d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x16f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1700000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1710000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1730000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1740000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1750000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1770000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1780000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1790000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x17a0000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x17c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x17d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x17e0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x17f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1800000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1820000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1830000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1840000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1860000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1870000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1880000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x18a0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x18b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x18c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x18e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x18f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1900000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1920000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1930000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1940000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1960000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1970000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1980000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x19a0000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x19b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x19c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x19e0000, size = 6 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x19f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1a00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1a20000, size = 18 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1a30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1a40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1a60000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1a70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1a90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1ab0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1ac0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1af0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1b00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1b10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1b20000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1b30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1b40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1b50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1b70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1b80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1b90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1ba0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1bb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1bc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1bd0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1be0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1bf0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1c00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1c10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1c20000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1c30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1c40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1c50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1c60000, size = 18 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1c70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1c80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1c90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1ca0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1cb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1cc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1cd0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1ce0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1cf0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1d00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1d30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1d40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1d50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1d60000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1d90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1db0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1dc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1e00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1e30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1e40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1e60000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1e70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1e80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1e90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1ea0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1eb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1ec0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1ed0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1ee0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1ef0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1f00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1f10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1f20000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1f30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1f40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1f50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1f60000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1f70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1f80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1f90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1fa0000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1fb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1fc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1fd0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1fe0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x1ff0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x2000000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x2010000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x2020000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x2030000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x2040000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x2050000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x2060000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x2070000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x2080000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x2090000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | address = 0x20b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1210 | No corresponding api call detected. Probably injected code via shellcode. | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #13 / 0x1220 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:01:29, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:06 |
| OS Thread IDs | #430 0x1224 #431 0x1228 |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Private Memory | Readable, Writable | | | | |
| locale.nls | 0x001c0000 | 0x0027dfff | Memory Mapped File | Readable | | | | |
| private_0x0000000000280000 | 0x00280000 | 0x002bffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000002c0000 | 0x002c0000 | 0x002cffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000002d0000 | 0x002d0000 | 0x003cffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000003d0000 | 0x003d0000 | 0x003d0fff | Private Memory | Readable, Writable | | | | |
| svhost.exe | 0x00400000 | 0x0057afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x0000000000580000 | 0x00580000 | 0x0067ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000680000 | 0x00680000 | 0x0077ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000008c0000 | 0x008c0000 | 0x008cffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000008d0000 | 0x008d0000 | 0x00a57fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000a60000 | 0x00a60000 | 0x00be0fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000bf0000 | 0x00bf0000 | 0x01feffff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000001ff0000 | 0x01ff0000 | 0x020effff | Private Memory | Readable, Writable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | - | | | | |
| wow64.dll | 0x53cc0000 | 0x53d0efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64cpu.dll | 0x53d10000 | 0x53d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64win.dll | 0x53d20000 | 0x53d92fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntmarta.dll | 0x74ca0000 | 0x74cc7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasman.dll | 0x74cd0000 | 0x74cf2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasapi32.dll | 0x74d00000 | 0x74da3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pstorec.dll | 0x74db0000 | 0x74db7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| apphelp.dll | 0x74dc0000 | 0x74e50fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bcryptprimitives.dll | 0x74e60000 | 0x74eb8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cryptbase.dll | 0x74ec0000 | 0x74ec9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sspicli.dll | 0x74ed0000 | 0x74eedfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcrt.dll | 0x74ef0000 | 0x74fadfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| advapi32.dll | 0x74fb0000 | 0x7502afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| oleaut32.dll | 0x75030000 | 0x750c1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| powrprof.dll | 0x75280000 | 0x752c3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| KernelBase.dll | 0x752e0000 | 0x75455fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| imm32.dll | 0x75460000 | 0x7548afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| combase.dll | 0x75490000 | 0x75649fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel32.dll | 0x75650000 | 0x7573ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| gdi32.dll | 0x75790000 | 0x758dcfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SHCore.dll | 0x75aa0000 | 0x75b2cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| crypt32.dll | 0x75bf0000 | 0x75d64fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| profapi.dll | 0x75d70000 | 0x75d7efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msasn1.dll | 0x75d80000 | 0x75d8dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msctf.dll | 0x75d90000 | 0x75eaffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sechost.dll | 0x75eb0000 | 0x75ef2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| user32.dll | 0x75f10000 | 0x7604ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel.appcore.dll | 0x76290000 | 0x7629bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shlwapi.dll | 0x762a0000 | 0x762e3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| windows.storage.dll | 0x76380000 | 0x7685cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rpcrt4.dll | 0x76860000 | 0x7690bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shell32.dll | 0x76910000 | 0x77ccefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ole32.dll | 0x77cd0000 | 0x77db9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x77dc0000 | 0x77f38fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffb1ddcffff | Private Memory | Readable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x00007ffb1df92000 | 0x7ffb1df92000 | 0x7ffffffeffff | Private Memory | Readable | | | | |
| Category | Operation | Information | Success | Count | Logfile | |
|---|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | ||
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | ||
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | ||
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | ||
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | ||
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | ||
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | ||
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | ||
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | ||
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | ||
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x1220 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | ||
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | ||
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | ||
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | ||
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | ||
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | ||
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | ||
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | ||
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | ||
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | ||
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | ||
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | ||
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | ||
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | ||
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | ||
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | ||
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | ||
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1230, os_pid = 0x122c, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | ||
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | ||
| MEM | ALLOC | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 210 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x122c, proc_address = 0xf80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 19 | | 1 | ||
| MEM | ALLOC | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0xfc0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 21 | | 1 | ||
| MEM | ALLOC | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1000000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 21 | | 1 | ||
| MEM | ALLOC | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1040000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1080000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x10c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 9 | | 1 | ||
| MEM | ALLOC | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1100000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1140000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1180000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 16 | | 1 | ||
| MEM | ALLOC | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x11c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 16 | | 1 | ||
| MEM | ALLOC | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x11f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x11f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1200000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x1220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1240000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x1260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1280000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x12a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x12a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x12b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x12b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x12c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x12c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x12c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x12d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x12d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x12e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x12e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x12f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x12f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1300000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0x1320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1340000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x1360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1380000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x13a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x13a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x13b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x13b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x13c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x13c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x13c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x13d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x13d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0x13e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x13e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x13f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x13f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1400000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 25 | | 1 | ||
| MEM | ALLOC | address = 0x1420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1440000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x1460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1480000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x14a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x14a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x14b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x14b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x14c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x14c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x14c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x14d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x14d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0x14e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x14e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x14f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x14f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1500000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 9 | | 1 | ||
| MEM | ALLOC | address = 0x1520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1540000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x1560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1580000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x15a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x15a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x15b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x15b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x15c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x15c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x15c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x15d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x15d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x15e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x15e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x15f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x15f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1600000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0x1620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1640000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x1660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1680000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x16a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x16a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x16b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x16b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x16c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x16c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x16c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x16d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x16d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x16e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x16e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x16f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x16f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1700000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 16 | | 1 | ||
| MEM | ALLOC | address = 0x1720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1740000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x1760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1780000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x17a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x17a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x17b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x17b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x17c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x17c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x17c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x17d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 8, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x17d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 8 | | 1 | ||
| MEM | ALLOC | address = 0x17e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x17e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x17f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x17f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1800000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 9 | | 1 | ||
| MEM | ALLOC | address = 0x1820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1840000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0x1860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1880000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 11 | | 1 | ||
| MEM | ALLOC | address = 0x18a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x18a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x18b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x18b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x18c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x18c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x18c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x18d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 17, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x18d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 17 | | 1 | ||
| MEM | ALLOC | address = 0x18e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x18e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x18f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x18f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1900000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 19 | | 1 | ||
| MEM | ALLOC | address = 0x1920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1940000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x1960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1980000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 9 | | 1 | ||
| MEM | ALLOC | address = 0x19a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x19a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x19b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x19b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x19c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x19c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x19c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x19d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x19d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x19e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x19e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x19f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x19f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1a00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1a00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1a00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1a10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1a10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0x1a20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1a20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1a30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1a30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1a40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1a40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1a40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1a50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1a50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x1a60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1a60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1a70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1a70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1a80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1a80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1a80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | ||
| MEM | ALLOC | address = 0x1a90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1a90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 11 | | 1 | ||
| MEM | ALLOC | address = 0x1aa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1aa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x1ab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1ab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 210 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x122c, proc_address = 0x1ab0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1ac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1ac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x1ad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1ad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 11 | | 1 | ||
| MEM | ALLOC | address = 0x1ae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1ae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1af0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1af0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1af0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1b00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1b00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 10 | | 1 | ||
| MEM | ALLOC | address = 0x1b10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1b10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 11 | | 1 | ||
| MEM | ALLOC | address = 0x1b20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1b20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1b30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1b30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1b30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | ||
| MEM | ALLOC | address = 0x1b40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1b40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1b50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1b50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x1b60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1b60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 210 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x122c, proc_address = 0x1b60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1b70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 17, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1b70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 17 | | 1 | ||
| MEM | ALLOC | address = 0x1b80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1b80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1b90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1b90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1ba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1ba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1ba0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1bb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1bb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0x1bc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1bc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1bd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1bd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1be0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1be0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1be0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1bf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1bf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x1c00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1c00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1c10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1c10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1c20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1c20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1c20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | ||
| MEM | ALLOC | address = 0x1c30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1c30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1c40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1c40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x1c50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1c50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 210 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x122c, proc_address = 0x1c50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1c60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1c60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0x1c70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1c70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1c80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1c80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1c90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1c90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1c90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1ca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1ca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1cb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1cb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1cc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1cc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1cd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1cd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1cd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1ce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 18, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1ce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 18 | | 1 | ||
| MEM | ALLOC | address = 0x1cf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1cf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1d00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1d00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1d10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1d10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1d10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | ||
| MEM | ALLOC | address = 0x1d20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1d20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1d30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1d30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x1d40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1d40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 210 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x122c, proc_address = 0x1d40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1d50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1d50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 15 | | 1 | ||
| MEM | ALLOC | address = 0x1d60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1d60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1d70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1d70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1d80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1d80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1d80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1d90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 17, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1d90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 17 | | 1 | ||
| MEM | ALLOC | address = 0x1da0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1da0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1db0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1db0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1dc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1dc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1dc0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1dd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1dd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0x1de0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1de0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1df0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1df0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1e00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1e00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1e00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1e10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1e10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 12 | | 1 | ||
| MEM | ALLOC | address = 0x1e20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1e20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1e30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1e30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1e40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1e40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1e40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1e50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1e50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0x1e60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1e60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1e70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1e70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1e80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1e80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1e80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | ||
| MEM | ALLOC | address = 0x1e90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1e90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 14 | | 1 | ||
| MEM | ALLOC | address = 0x1ea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1ea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 13 | | 1 | ||
| MEM | ALLOC | address = 0x1eb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1eb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 20 | | 1 | ||
| MEM | ALLOC | address = 0x1ec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | ||
| MEM | WRITE | address = 0x1ec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x122c, size = 142 | | 1 | ||
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x122c, proc_address = 0x1ec0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | ||
| For performance reasons, the remaining 21 entries are omitted. Click to download all 1021 entries as text file (0.86 MB). | ||||||
| Information | Value |
|---|---|
| ID / OS PID | #14 / 0x122c |
| OS Parent PID | 0x1220 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:01:32, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:03 |
| OS Thread IDs | #432 0x1230 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000f60000 | 0x00f60000 | 0x00f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f70000 | 0x00f70000 | 0x00f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f80000 | 0x00f80000 | 0x00f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f90000 | 0x00f90000 | 0x00f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fa0000 | 0x00fa0000 | 0x00fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fb0000 | 0x00fb0000 | 0x00fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fc0000 | 0x00fc0000 | 0x00fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fd0000 | 0x00fd0000 | 0x00fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fe0000 | 0x00fe0000 | 0x00fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ff0000 | 0x00ff0000 | 0x00ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001000000 | 0x01000000 | 0x01000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001010000 | 0x01010000 | 0x01010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001020000 | 0x01020000 | 0x01020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001030000 | 0x01030000 | 0x01030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001040000 | 0x01040000 | 0x01040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001050000 | 0x01050000 | 0x01050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001060000 | 0x01060000 | 0x01060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001070000 | 0x01070000 | 0x01070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001080000 | 0x01080000 | 0x01080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001090000 | 0x01090000 | 0x01090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010a0000 | 0x010a0000 | 0x010a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010b0000 | 0x010b0000 | 0x010b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010c0000 | 0x010c0000 | 0x010c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010d0000 | 0x010d0000 | 0x010d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010e0000 | 0x010e0000 | 0x010e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010f0000 | 0x010f0000 | 0x010f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001100000 | 0x01100000 | 0x01100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001110000 | 0x01110000 | 0x01110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001120000 | 0x01120000 | 0x01120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001130000 | 0x01130000 | 0x01130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001140000 | 0x01140000 | 0x01140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001150000 | 0x01150000 | 0x01150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001160000 | 0x01160000 | 0x01160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001170000 | 0x01170000 | 0x01170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001180000 | 0x01180000 | 0x01180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001190000 | 0x01190000 | 0x01190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011a0000 | 0x011a0000 | 0x011a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011b0000 | 0x011b0000 | 0x011b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011c0000 | 0x011c0000 | 0x011c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011d0000 | 0x011d0000 | 0x011d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011e0000 | 0x011e0000 | 0x011e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011f0000 | 0x011f0000 | 0x011f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001200000 | 0x01200000 | 0x01200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001210000 | 0x01210000 | 0x01210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001220000 | 0x01220000 | 0x01220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001230000 | 0x01230000 | 0x01230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001240000 | 0x01240000 | 0x01240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001250000 | 0x01250000 | 0x01250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001260000 | 0x01260000 | 0x01260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001270000 | 0x01270000 | 0x01270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001280000 | 0x01280000 | 0x01280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001290000 | 0x01290000 | 0x01290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012a0000 | 0x012a0000 | 0x012a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012b0000 | 0x012b0000 | 0x012b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012c0000 | 0x012c0000 | 0x012c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012d0000 | 0x012d0000 | 0x012d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012e0000 | 0x012e0000 | 0x012e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012f0000 | 0x012f0000 | 0x012f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001300000 | 0x01300000 | 0x01300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001310000 | 0x01310000 | 0x01310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001320000 | 0x01320000 | 0x01320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001330000 | 0x01330000 | 0x01330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001340000 | 0x01340000 | 0x01340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001350000 | 0x01350000 | 0x01350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001360000 | 0x01360000 | 0x01360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001370000 | 0x01370000 | 0x01370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001380000 | 0x01380000 | 0x01380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001390000 | 0x01390000 | 0x01390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013a0000 | 0x013a0000 | 0x013a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013b0000 | 0x013b0000 | 0x013b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013c0000 | 0x013c0000 | 0x013c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013d0000 | 0x013d0000 | 0x013d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013e0000 | 0x013e0000 | 0x013e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013f0000 | 0x013f0000 | 0x013f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001400000 | 0x01400000 | 0x01400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001410000 | 0x01410000 | 0x01410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001420000 | 0x01420000 | 0x01420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001430000 | 0x01430000 | 0x01430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001440000 | 0x01440000 | 0x01440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001450000 | 0x01450000 | 0x01450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001460000 | 0x01460000 | 0x01460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001470000 | 0x01470000 | 0x01470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001480000 | 0x01480000 | 0x01480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001490000 | 0x01490000 | 0x01490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014a0000 | 0x014a0000 | 0x014a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014b0000 | 0x014b0000 | 0x014b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014c0000 | 0x014c0000 | 0x014c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014d0000 | 0x014d0000 | 0x014d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014e0000 | 0x014e0000 | 0x014e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014f0000 | 0x014f0000 | 0x014f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001500000 | 0x01500000 | 0x01500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001510000 | 0x01510000 | 0x01510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001520000 | 0x01520000 | 0x01520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001530000 | 0x01530000 | 0x01530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001540000 | 0x01540000 | 0x01540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001550000 | 0x01550000 | 0x01550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001560000 | 0x01560000 | 0x01560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001570000 | 0x01570000 | 0x01570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001580000 | 0x01580000 | 0x01580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001590000 | 0x01590000 | 0x01590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015a0000 | 0x015a0000 | 0x015a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015b0000 | 0x015b0000 | 0x015b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015c0000 | 0x015c0000 | 0x015c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015d0000 | 0x015d0000 | 0x015d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015e0000 | 0x015e0000 | 0x015e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015f0000 | 0x015f0000 | 0x015f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001600000 | 0x01600000 | 0x01600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001610000 | 0x01610000 | 0x01610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001620000 | 0x01620000 | 0x01620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001630000 | 0x01630000 | 0x01630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001640000 | 0x01640000 | 0x01640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001650000 | 0x01650000 | 0x01650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001660000 | 0x01660000 | 0x01660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001670000 | 0x01670000 | 0x01670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001680000 | 0x01680000 | 0x01680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001690000 | 0x01690000 | 0x01690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016a0000 | 0x016a0000 | 0x016a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016b0000 | 0x016b0000 | 0x016b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016c0000 | 0x016c0000 | 0x016c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016d0000 | 0x016d0000 | 0x016d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016e0000 | 0x016e0000 | 0x016e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016f0000 | 0x016f0000 | 0x016f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001700000 | 0x01700000 | 0x01700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001710000 | 0x01710000 | 0x01710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001720000 | 0x01720000 | 0x01720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001730000 | 0x01730000 | 0x01730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001740000 | 0x01740000 | 0x01740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001750000 | 0x01750000 | 0x01750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001760000 | 0x01760000 | 0x01760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001770000 | 0x01770000 | 0x01770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001780000 | 0x01780000 | 0x01780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001790000 | 0x01790000 | 0x01790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017a0000 | 0x017a0000 | 0x017a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017b0000 | 0x017b0000 | 0x017b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017c0000 | 0x017c0000 | 0x017c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017d0000 | 0x017d0000 | 0x017d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017e0000 | 0x017e0000 | 0x017e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017f0000 | 0x017f0000 | 0x017f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001800000 | 0x01800000 | 0x01800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001810000 | 0x01810000 | 0x01810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001820000 | 0x01820000 | 0x01820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001830000 | 0x01830000 | 0x01830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001840000 | 0x01840000 | 0x01840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001850000 | 0x01850000 | 0x01850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001860000 | 0x01860000 | 0x01860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001870000 | 0x01870000 | 0x01870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001880000 | 0x01880000 | 0x01880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001890000 | 0x01890000 | 0x01890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018a0000 | 0x018a0000 | 0x018a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018b0000 | 0x018b0000 | 0x018b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018c0000 | 0x018c0000 | 0x018c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018d0000 | 0x018d0000 | 0x018d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018e0000 | 0x018e0000 | 0x018e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018f0000 | 0x018f0000 | 0x018f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001900000 | 0x01900000 | 0x01900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001910000 | 0x01910000 | 0x01910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001920000 | 0x01920000 | 0x01920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001930000 | 0x01930000 | 0x01930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001940000 | 0x01940000 | 0x01940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001950000 | 0x01950000 | 0x01950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001960000 | 0x01960000 | 0x01960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001970000 | 0x01970000 | 0x01970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001980000 | 0x01980000 | 0x01980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001990000 | 0x01990000 | 0x01990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019a0000 | 0x019a0000 | 0x019a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019b0000 | 0x019b0000 | 0x019b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019c0000 | 0x019c0000 | 0x019c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019d0000 | 0x019d0000 | 0x019d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019e0000 | 0x019e0000 | 0x019e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019f0000 | 0x019f0000 | 0x019f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a00000 | 0x01a00000 | 0x01a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a10000 | 0x01a10000 | 0x01a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a20000 | 0x01a20000 | 0x01a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a30000 | 0x01a30000 | 0x01a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a40000 | 0x01a40000 | 0x01a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a50000 | 0x01a50000 | 0x01a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a60000 | 0x01a60000 | 0x01a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a70000 | 0x01a70000 | 0x01a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a80000 | 0x01a80000 | 0x01a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a90000 | 0x01a90000 | 0x01a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001aa0000 | 0x01aa0000 | 0x01aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ab0000 | 0x01ab0000 | 0x01ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ac0000 | 0x01ac0000 | 0x01ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ad0000 | 0x01ad0000 | 0x01ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ae0000 | 0x01ae0000 | 0x01ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001af0000 | 0x01af0000 | 0x01af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b00000 | 0x01b00000 | 0x01b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b10000 | 0x01b10000 | 0x01b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b20000 | 0x01b20000 | 0x01b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b30000 | 0x01b30000 | 0x01b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b40000 | 0x01b40000 | 0x01b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b50000 | 0x01b50000 | 0x01b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b60000 | 0x01b60000 | 0x01b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b70000 | 0x01b70000 | 0x01b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b80000 | 0x01b80000 | 0x01b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001b90000 | 0x01b90000 | 0x01b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ba0000 | 0x01ba0000 | 0x01ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001bb0000 | 0x01bb0000 | 0x01bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001bc0000 | 0x01bc0000 | 0x01bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001bd0000 | 0x01bd0000 | 0x01bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001be0000 | 0x01be0000 | 0x01be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001bf0000 | 0x01bf0000 | 0x01bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c00000 | 0x01c00000 | 0x01c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c10000 | 0x01c10000 | 0x01c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c20000 | 0x01c20000 | 0x01c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c30000 | 0x01c30000 | 0x01c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c40000 | 0x01c40000 | 0x01c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c50000 | 0x01c50000 | 0x01c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c60000 | 0x01c60000 | 0x01c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c70000 | 0x01c70000 | 0x01c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c80000 | 0x01c80000 | 0x01c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001c90000 | 0x01c90000 | 0x01c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ca0000 | 0x01ca0000 | 0x01ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001cb0000 | 0x01cb0000 | 0x01cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001cc0000 | 0x01cc0000 | 0x01cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001cd0000 | 0x01cd0000 | 0x01cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ce0000 | 0x01ce0000 | 0x01ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001cf0000 | 0x01cf0000 | 0x01cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d00000 | 0x01d00000 | 0x01d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d10000 | 0x01d10000 | 0x01d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d20000 | 0x01d20000 | 0x01d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d30000 | 0x01d30000 | 0x01d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d40000 | 0x01d40000 | 0x01d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d50000 | 0x01d50000 | 0x01d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d60000 | 0x01d60000 | 0x01d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d70000 | 0x01d70000 | 0x01d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d80000 | 0x01d80000 | 0x01d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001d90000 | 0x01d90000 | 0x01d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001da0000 | 0x01da0000 | 0x01da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001db0000 | 0x01db0000 | 0x01db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001dc0000 | 0x01dc0000 | 0x01dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001dd0000 | 0x01dd0000 | 0x01dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001de0000 | 0x01de0000 | 0x01de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001df0000 | 0x01df0000 | 0x01df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e00000 | 0x01e00000 | 0x01e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e10000 | 0x01e10000 | 0x01e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e20000 | 0x01e20000 | 0x01e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e30000 | 0x01e30000 | 0x01e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e40000 | 0x01e40000 | 0x01e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e50000 | 0x01e50000 | 0x01e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e60000 | 0x01e60000 | 0x01e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e70000 | 0x01e70000 | 0x01e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e80000 | 0x01e80000 | 0x01e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001e90000 | 0x01e90000 | 0x01e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ea0000 | 0x01ea0000 | 0x01ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001eb0000 | 0x01eb0000 | 0x01eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ec0000 | 0x01ec0000 | 0x01ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ed0000 | 0x01ed0000 | 0x01ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ee0000 | 0x01ee0000 | 0x01ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ef0000 | 0x01ef0000 | 0x01ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001f00000 | 0x01f00000 | 0x01f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f097000 | 0x7f097000 | 0x7f097fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000ec27f60000 | 0xec27f60000 | 0xec27f7ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000ec27f80000 | 0xec27f80000 | 0xec27f93fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000ec27fa0000 | 0xec27fa0000 | 0xec2809ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000ec280a0000 | 0xec280a0000 | 0xec280a3fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000ec280b0000 | 0xec280b0000 | 0xec280b0fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000ec280c0000 | 0xec280c0000 | 0xec280c1fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff260000 | 0x7df5ff260000 | 0x7ff5ff25ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fcb10000 | 0x7ff7fcb10000 | 0x7ff7fcb32fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fcb3d000 | 0x7ff7fcb3d000 | 0x7ff7fcb3efff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fcb3f000 | 0x7ff7fcb3f000 | 0x7ff7fcb3ffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0xf60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0xf70000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0xf80000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0xf90000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0xfa0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0xfb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0xfc0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0xfd0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0xfe0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0xff0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1000000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1010000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1020000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1030000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1040000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1050000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1060000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1070000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1080000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1090000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x10b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x10c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x10d0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x10f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1100000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1110000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1130000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1140000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1150000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1160000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1170000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1180000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1190000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x11a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x11b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x11c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x11d0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x11e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x11f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1210000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1230000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1240000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1250000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1270000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1280000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1290000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x12b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x12c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x12d0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x12e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x12f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1300000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1310000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1320000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1330000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1340000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1350000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1360000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1370000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1380000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1390000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x13a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x13b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x13c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x13d0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x13e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x13f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1400000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1410000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1420000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1430000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1440000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1450000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1460000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1470000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1490000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x14a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x14b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x14d0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x14e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x14f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1510000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1520000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1530000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1540000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1550000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1560000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1570000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1580000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1590000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x15a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x15b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x15c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x15d0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x15e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x15f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1600000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1610000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1620000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1630000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1640000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1650000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1660000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1670000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1680000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1690000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x16a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x16b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x16c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x16d0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x16e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x16f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1700000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1710000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1720000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1730000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1740000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1750000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1760000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1770000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1780000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1790000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x17a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x17b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x17c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x17d0000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x17e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x17f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1800000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1810000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1820000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1830000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1840000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1850000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1860000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1870000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1880000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1890000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x18a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x18b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x18c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x18d0000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x18e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x18f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1900000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1910000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1920000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1930000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1940000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1950000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1960000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1980000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1990000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x19a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x19b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x19c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x19d0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x19e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x19f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1a00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1a10000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1a20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1a30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1a40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1a50000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1a60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1a70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1a80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1a90000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1aa0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1ab0000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1ac0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1ad0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1ae0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1af0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1b00000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1b10000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1b20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1b30000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1b40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1b50000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1b60000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1b70000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1b80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1b90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1ba0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1bc0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1bd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1bf0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1c00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1c10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1c30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1c40000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1c50000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1c60000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1c70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1c80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1c90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1ca0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1cb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1cc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1ce0000, size = 18 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1d00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1d10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1d20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1d30000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1d40000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1d50000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1d60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1d70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1d80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1d90000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1da0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1db0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1dc0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1dd0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1de0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1df0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1e00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1e10000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1e20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1e30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1e40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1e50000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1e60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1e70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1e80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1e90000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1ea0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1eb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1ec0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1ed0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1ee0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | address = 0x1ef0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1224 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #15 / 0x1234 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:01:34, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:01 |
| OS Thread IDs | #433 0x1238 #434 0x123C |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Private Memory | Readable, Writable | | | | |
| locale.nls | 0x001c0000 | 0x0027dfff | Memory Mapped File | Readable | | | | |
| private_0x0000000000280000 | 0x00280000 | 0x002bffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000002c0000 | 0x002c0000 | 0x002cffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000002d0000 | 0x002d0000 | 0x002d0fff | Private Memory | Readable, Writable | | | | |
| private_0x00000000002f0000 | 0x002f0000 | 0x003effff | Private Memory | Readable, Writable | | | | |
| svhost.exe | 0x00400000 | 0x0057afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x0000000000580000 | 0x00580000 | 0x0067ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000680000 | 0x00680000 | 0x0077ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000007d0000 | 0x007d0000 | 0x007dffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000007e0000 | 0x007e0000 | 0x00967fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000970000 | 0x00970000 | 0x00af0fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000b00000 | 0x00b00000 | 0x01efffff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000001fd0000 | 0x01fd0000 | 0x020cffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | - | | | | |
| wow64.dll | 0x53cc0000 | 0x53d0efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64cpu.dll | 0x53d10000 | 0x53d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64win.dll | 0x53d20000 | 0x53d92fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntmarta.dll | 0x74ca0000 | 0x74cc7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasman.dll | 0x74cd0000 | 0x74cf2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasapi32.dll | 0x74d00000 | 0x74da3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pstorec.dll | 0x74db0000 | 0x74db7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| apphelp.dll | 0x74dc0000 | 0x74e50fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bcryptprimitives.dll | 0x74e60000 | 0x74eb8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cryptbase.dll | 0x74ec0000 | 0x74ec9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sspicli.dll | 0x74ed0000 | 0x74eedfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcrt.dll | 0x74ef0000 | 0x74fadfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| advapi32.dll | 0x74fb0000 | 0x7502afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| oleaut32.dll | 0x75030000 | 0x750c1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| powrprof.dll | 0x75280000 | 0x752c3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| KernelBase.dll | 0x752e0000 | 0x75455fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| imm32.dll | 0x75460000 | 0x7548afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| combase.dll | 0x75490000 | 0x75649fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel32.dll | 0x75650000 | 0x7573ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| gdi32.dll | 0x75790000 | 0x758dcfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SHCore.dll | 0x75aa0000 | 0x75b2cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| crypt32.dll | 0x75bf0000 | 0x75d64fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| profapi.dll | 0x75d70000 | 0x75d7efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msasn1.dll | 0x75d80000 | 0x75d8dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msctf.dll | 0x75d90000 | 0x75eaffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sechost.dll | 0x75eb0000 | 0x75ef2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| user32.dll | 0x75f10000 | 0x7604ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel.appcore.dll | 0x76290000 | 0x7629bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shlwapi.dll | 0x762a0000 | 0x762e3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| windows.storage.dll | 0x76380000 | 0x7685cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rpcrt4.dll | 0x76860000 | 0x7690bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shell32.dll | 0x76910000 | 0x77ccefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ole32.dll | 0x77cd0000 | 0x77db9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x77dc0000 | 0x77f38fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffb1ddcffff | Private Memory | Readable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x00007ffb1df92000 | 0x7ffb1df92000 | 0x7ffffffeffff | Private Memory | Readable | | | | |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x1234 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1278, os_pid = 0x1274, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0x5f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x1274, proc_address = 0x610000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0x650000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0x690000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0x6d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0x710000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0x750000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0x790000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x7b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x7c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x7d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0x7d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x7e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x7f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0x810000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0x850000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0x890000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0x8d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0x910000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0x950000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0x990000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0x9d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0xa10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0xa50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0xa90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 25 | | 1 | |
| MEM | ALLOC | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0xad0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0xb10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0xb50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0xb90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0xbd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0xc10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0xc50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0xc90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 14 | | 1 | |
| MEM | ALLOC | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0xcd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0xd10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0xd50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0xd90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0xdd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0xe10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0xe50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 8, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 8 | | 1 | |
| MEM | ALLOC | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0xe90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0xed0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0xf10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 11 | | 1 | |
| MEM | ALLOC | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0xf50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 17, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 17 | | 1 | |
| MEM | ALLOC | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0xf90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 19 | | 1 | |
| MEM | ALLOC | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0xfd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0x1010000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1274, proc_address = 0x1050000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1274, size = 12 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #16 / 0x1240 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:01:35, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:00 |
| OS Thread IDs | #435 0x1244 #436 0x1248 |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Private Memory | Readable, Writable | | | | |
| private_0x00000000001c0000 | 0x001c0000 | 0x001fffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000200000 | 0x00200000 | 0x00200fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000270000 | 0x00270000 | 0x0027ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000002e0000 | 0x002e0000 | 0x003dffff | Private Memory | Readable, Writable | | | | |
| svhost.exe | 0x00400000 | 0x0057afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| locale.nls | 0x00580000 | 0x0063dfff | Memory Mapped File | Readable | | | | |
| private_0x0000000000640000 | 0x00640000 | 0x0073ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000830000 | 0x00830000 | 0x0083ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000840000 | 0x00840000 | 0x009c7fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x00000000009d0000 | 0x009d0000 | 0x00b50fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000b60000 | 0x00b60000 | 0x01f5ffff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000002030000 | 0x02030000 | 0x0212ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000002130000 | 0x02130000 | 0x0222ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | - | | | | |
| wow64.dll | 0x53cc0000 | 0x53d0efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64cpu.dll | 0x53d10000 | 0x53d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64win.dll | 0x53d20000 | 0x53d92fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntmarta.dll | 0x74ca0000 | 0x74cc7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasman.dll | 0x74cd0000 | 0x74cf2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasapi32.dll | 0x74d00000 | 0x74da3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pstorec.dll | 0x74db0000 | 0x74db7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| apphelp.dll | 0x74dc0000 | 0x74e50fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bcryptprimitives.dll | 0x74e60000 | 0x74eb8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cryptbase.dll | 0x74ec0000 | 0x74ec9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sspicli.dll | 0x74ed0000 | 0x74eedfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcrt.dll | 0x74ef0000 | 0x74fadfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| advapi32.dll | 0x74fb0000 | 0x7502afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| oleaut32.dll | 0x75030000 | 0x750c1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| powrprof.dll | 0x75280000 | 0x752c3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| KernelBase.dll | 0x752e0000 | 0x75455fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| imm32.dll | 0x75460000 | 0x7548afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| combase.dll | 0x75490000 | 0x75649fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel32.dll | 0x75650000 | 0x7573ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| gdi32.dll | 0x75790000 | 0x758dcfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SHCore.dll | 0x75aa0000 | 0x75b2cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| crypt32.dll | 0x75bf0000 | 0x75d64fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| profapi.dll | 0x75d70000 | 0x75d7efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msasn1.dll | 0x75d80000 | 0x75d8dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msctf.dll | 0x75d90000 | 0x75eaffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sechost.dll | 0x75eb0000 | 0x75ef2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| user32.dll | 0x75f10000 | 0x7604ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel.appcore.dll | 0x76290000 | 0x7629bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shlwapi.dll | 0x762a0000 | 0x762e3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| windows.storage.dll | 0x76380000 | 0x7685cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rpcrt4.dll | 0x76860000 | 0x7690bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shell32.dll | 0x76910000 | 0x77ccefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ole32.dll | 0x77cd0000 | 0x77db9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x77dc0000 | 0x77f38fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffb1ddcffff | Private Memory | Readable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x00007ffb1df92000 | 0x7ffb1df92000 | 0x7ffffffeffff | Private Memory | Readable | | | | |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x1240 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x128c, os_pid = 0x1288, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x1288, proc_address = 0xff0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x1030000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x1070000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x10b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x10f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x1130000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x1170000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x11b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x11f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x11f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x1210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x1230000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x1250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x1270000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x1290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x12a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x12b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x12b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x12c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x12d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x12e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x12f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x12f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x1330000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x1350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x1370000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x1390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x13a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x13b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x13b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x13c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x13d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x13e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x13f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x13f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x1430000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x1450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x1470000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 25 | | 1 | |
| MEM | ALLOC | address = 0x1490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x14a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x14b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x14b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x14c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x14d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x14e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x14f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x14f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x1530000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x1550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x1570000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x1590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x15a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x15a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x15b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x15b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x15b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x15c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x15c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x15d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x15d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x15e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x15e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x15f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x15f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x15f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x1630000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x1670000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 14 | | 1 | |
| MEM | ALLOC | address = 0x1690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x16a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x16a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x16b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x16b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x16b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x16c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x16c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x16d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x16d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x16e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x16e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x16f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x16f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x16f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x1730000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x1770000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x1790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x17a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x17a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x17b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x17b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x17b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x17c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x17c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x17d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x17d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x17e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x17e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x17f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x17f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x17f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x1830000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 8, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 8 | | 1 | |
| MEM | ALLOC | address = 0x1850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x1870000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x1890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x18a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x18a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x18b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x18b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x18b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x18c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x18c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x18d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x18d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x18e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x18e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x18f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x18f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x18f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 11 | | 1 | |
| MEM | ALLOC | address = 0x1910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x1930000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 17, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 17 | | 1 | |
| MEM | ALLOC | address = 0x1950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x1970000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x1990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x19a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x19a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x19b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x19b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x19b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x19c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x19c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x19d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x19d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x19e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x19e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x19f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x19f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x19f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1a00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1a00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x1a10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1a10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1a20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1a20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1a30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1a30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x1a30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1a40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1a40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1a50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1a50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1a60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1a60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1a70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1a70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x1a70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1a80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1a80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x1a90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1a90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1aa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1aa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1ab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1ab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1288, proc_address = 0x1ab0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1ac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1ac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1288, size = 15 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #17 / 0x124c |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:01:35, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:00 |
| OS Thread IDs | #437 0x1250 #438 0x1254 |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Private Memory | Readable, Writable | | | | |
| private_0x00000000001c0000 | 0x001c0000 | 0x001c0fff | Private Memory | Readable, Writable | | | | |
| private_0x00000000001f0000 | 0x001f0000 | 0x001fffff | Private Memory | Readable, Writable | | | | |
| locale.nls | 0x00200000 | 0x002bdfff | Memory Mapped File | Readable | | | | |
| private_0x00000000002c0000 | 0x002c0000 | 0x002fffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000300000 | 0x00300000 | 0x003fffff | Private Memory | Readable, Writable | | | | |
| svhost.exe | 0x00400000 | 0x0057afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x0000000000580000 | 0x00580000 | 0x0067ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000006c0000 | 0x006c0000 | 0x006cffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000710000 | 0x00710000 | 0x0080ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000810000 | 0x00810000 | 0x00997fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x00000000009a0000 | 0x009a0000 | 0x00b20fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000b30000 | 0x00b30000 | 0x01f2ffff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000002000000 | 0x02000000 | 0x020fffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | - | | | | |
| wow64.dll | 0x53cc0000 | 0x53d0efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64cpu.dll | 0x53d10000 | 0x53d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64win.dll | 0x53d20000 | 0x53d92fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntmarta.dll | 0x74ca0000 | 0x74cc7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasman.dll | 0x74cd0000 | 0x74cf2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasapi32.dll | 0x74d00000 | 0x74da3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pstorec.dll | 0x74db0000 | 0x74db7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| apphelp.dll | 0x74dc0000 | 0x74e50fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bcryptprimitives.dll | 0x74e60000 | 0x74eb8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cryptbase.dll | 0x74ec0000 | 0x74ec9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sspicli.dll | 0x74ed0000 | 0x74eedfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcrt.dll | 0x74ef0000 | 0x74fadfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| advapi32.dll | 0x74fb0000 | 0x7502afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| oleaut32.dll | 0x75030000 | 0x750c1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| powrprof.dll | 0x75280000 | 0x752c3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| KernelBase.dll | 0x752e0000 | 0x75455fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| imm32.dll | 0x75460000 | 0x7548afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| combase.dll | 0x75490000 | 0x75649fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel32.dll | 0x75650000 | 0x7573ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| gdi32.dll | 0x75790000 | 0x758dcfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SHCore.dll | 0x75aa0000 | 0x75b2cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| crypt32.dll | 0x75bf0000 | 0x75d64fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| profapi.dll | 0x75d70000 | 0x75d7efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msasn1.dll | 0x75d80000 | 0x75d8dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msctf.dll | 0x75d90000 | 0x75eaffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sechost.dll | 0x75eb0000 | 0x75ef2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| user32.dll | 0x75f10000 | 0x7604ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel.appcore.dll | 0x76290000 | 0x7629bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shlwapi.dll | 0x762a0000 | 0x762e3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| windows.storage.dll | 0x76380000 | 0x7685cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rpcrt4.dll | 0x76860000 | 0x7690bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shell32.dll | 0x76910000 | 0x77ccefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ole32.dll | 0x77cd0000 | 0x77db9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x77dc0000 | 0x77f38fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffb1ddcffff | Private Memory | Readable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x00007ffb1df92000 | 0x7ffb1df92000 | 0x7ffffffeffff | Private Memory | Readable | | | | |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x124c | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1294, os_pid = 0x1290, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0x2a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x2b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x2c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x1290, proc_address = 0x2c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x2d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x2e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x2f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0x300000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0x340000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0x380000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x3a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x3b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x3c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0x3c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x3d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x3e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x3f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0x400000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0x440000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0x480000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x4a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x4b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x4c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0x4c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x4d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x4e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x4f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0x500000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0x540000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0x580000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x5a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x5b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x5c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0x5c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x5d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x5e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x5f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0x600000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0x640000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0x680000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0x6c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0x700000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0x740000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 25 | | 1 | |
| MEM | ALLOC | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0x780000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x7b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x7c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0x7c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x7d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x7e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x7f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0x800000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0x840000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0x880000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0x8c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0x900000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0x940000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 14 | | 1 | |
| MEM | ALLOC | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0x980000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0x9c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0xa00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0xa40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0xa80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0xac0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0xb00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 8, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 8 | | 1 | |
| MEM | ALLOC | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0xb40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0xb80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0xbc0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 11 | | 1 | |
| MEM | ALLOC | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0xc00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 17, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 17 | | 1 | |
| MEM | ALLOC | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0xc40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 19 | | 1 | |
| MEM | ALLOC | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0xc80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0xcc0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1290, proc_address = 0xd00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1290, size = 142 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #18 / 0x1258 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:01:35, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:00 |
| OS Thread IDs | #439 0x125C #440 0x1260 |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Private Memory | Readable, Writable | | | | |
| locale.nls | 0x001c0000 | 0x0027dfff | Memory Mapped File | Readable | | | | |
| private_0x0000000000280000 | 0x00280000 | 0x002bffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000002c0000 | 0x002c0000 | 0x002c0fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000360000 | 0x00360000 | 0x0036ffff | Private Memory | Readable, Writable | | | | |
| svhost.exe | 0x00400000 | 0x0057afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x0000000000580000 | 0x00580000 | 0x0067ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000006d0000 | 0x006d0000 | 0x007cffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000007d0000 | 0x007d0000 | 0x00957fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000000960000 | 0x00960000 | 0x0096ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000970000 | 0x00970000 | 0x00af0fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000b00000 | 0x00b00000 | 0x01efffff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000001f00000 | 0x01f00000 | 0x01ffffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000020a0000 | 0x020a0000 | 0x0219ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | - | | | | |
| wow64.dll | 0x53cc0000 | 0x53d0efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64cpu.dll | 0x53d10000 | 0x53d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64win.dll | 0x53d20000 | 0x53d92fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntmarta.dll | 0x74ca0000 | 0x74cc7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasman.dll | 0x74cd0000 | 0x74cf2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasapi32.dll | 0x74d00000 | 0x74da3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pstorec.dll | 0x74db0000 | 0x74db7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| apphelp.dll | 0x74dc0000 | 0x74e50fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bcryptprimitives.dll | 0x74e60000 | 0x74eb8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cryptbase.dll | 0x74ec0000 | 0x74ec9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sspicli.dll | 0x74ed0000 | 0x74eedfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcrt.dll | 0x74ef0000 | 0x74fadfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| advapi32.dll | 0x74fb0000 | 0x7502afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| oleaut32.dll | 0x75030000 | 0x750c1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| powrprof.dll | 0x75280000 | 0x752c3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| KernelBase.dll | 0x752e0000 | 0x75455fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| imm32.dll | 0x75460000 | 0x7548afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| combase.dll | 0x75490000 | 0x75649fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel32.dll | 0x75650000 | 0x7573ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| gdi32.dll | 0x75790000 | 0x758dcfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SHCore.dll | 0x75aa0000 | 0x75b2cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| crypt32.dll | 0x75bf0000 | 0x75d64fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| profapi.dll | 0x75d70000 | 0x75d7efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msasn1.dll | 0x75d80000 | 0x75d8dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msctf.dll | 0x75d90000 | 0x75eaffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sechost.dll | 0x75eb0000 | 0x75ef2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| user32.dll | 0x75f10000 | 0x7604ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel.appcore.dll | 0x76290000 | 0x7629bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shlwapi.dll | 0x762a0000 | 0x762e3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| windows.storage.dll | 0x76380000 | 0x7685cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rpcrt4.dll | 0x76860000 | 0x7690bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shell32.dll | 0x76910000 | 0x77ccefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ole32.dll | 0x77cd0000 | 0x77db9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x77dc0000 | 0x77f38fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffb1ddcffff | Private Memory | Readable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x00007ffb1df92000 | 0x7ffb1df92000 | 0x7ffffffeffff | Private Memory | Readable | | | | |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x1258 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x12ac, os_pid = 0x12a8, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x12a8, proc_address = 0x900000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0x940000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0x980000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0x9c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0xa00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0xa40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0xa80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0xac0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0xb00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0xb40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0xb80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0xbc0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0xc00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0xc40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0xc80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0xcc0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0xd00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0xd40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0xd80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 25 | | 1 | |
| MEM | ALLOC | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0xdc0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0xe00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0xe40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0xe80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0xec0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0xf00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0xf40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0xf80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 14 | | 1 | |
| MEM | ALLOC | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0xfc0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0x1000000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0x1040000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0x1080000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0x10c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0x1100000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0x1140000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 8, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 8 | | 1 | |
| MEM | ALLOC | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0x1180000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0x11c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x11f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0x1200000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 11 | | 1 | |
| MEM | ALLOC | address = 0x1220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0x1240000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 17, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 17 | | 1 | |
| MEM | ALLOC | address = 0x1260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0x1280000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x12a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x12b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x12c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0x12c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x12d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x12e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x12f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0x1300000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x1320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12a8, proc_address = 0x1340000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 13 | | 1 | |
| MEM | ALLOC | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12a8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #19 / 0x1268 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:01:36, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:59 |
| OS Thread IDs | #441 0x126C #442 0x1270 |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Private Memory | Readable, Writable | | | | |
| locale.nls | 0x001c0000 | 0x0027dfff | Memory Mapped File | Readable | | | | |
| private_0x0000000000280000 | 0x00280000 | 0x0028ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000290000 | 0x00290000 | 0x002cffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000002d0000 | 0x002d0000 | 0x003cffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000003d0000 | 0x003d0000 | 0x003d0fff | Private Memory | Readable, Writable | | | | |
| svhost.exe | 0x00400000 | 0x0057afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pagefile_0x0000000000580000 | 0x00580000 | 0x00707fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000000710000 | 0x00710000 | 0x0080ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000810000 | 0x00810000 | 0x00990fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000009b0000 | 0x009b0000 | 0x009bffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000009c0000 | 0x009c0000 | 0x01dbffff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000001dc0000 | 0x01dc0000 | 0x01ebffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000001f60000 | 0x01f60000 | 0x0205ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | - | | | | |
| wow64.dll | 0x53cc0000 | 0x53d0efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64cpu.dll | 0x53d10000 | 0x53d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64win.dll | 0x53d20000 | 0x53d92fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntmarta.dll | 0x74ca0000 | 0x74cc7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasman.dll | 0x74cd0000 | 0x74cf2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasapi32.dll | 0x74d00000 | 0x74da3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pstorec.dll | 0x74db0000 | 0x74db7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| apphelp.dll | 0x74dc0000 | 0x74e50fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bcryptprimitives.dll | 0x74e60000 | 0x74eb8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cryptbase.dll | 0x74ec0000 | 0x74ec9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sspicli.dll | 0x74ed0000 | 0x74eedfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcrt.dll | 0x74ef0000 | 0x74fadfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| advapi32.dll | 0x74fb0000 | 0x7502afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| oleaut32.dll | 0x75030000 | 0x750c1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| powrprof.dll | 0x75280000 | 0x752c3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| KernelBase.dll | 0x752e0000 | 0x75455fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| imm32.dll | 0x75460000 | 0x7548afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| combase.dll | 0x75490000 | 0x75649fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel32.dll | 0x75650000 | 0x7573ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| gdi32.dll | 0x75790000 | 0x758dcfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SHCore.dll | 0x75aa0000 | 0x75b2cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| crypt32.dll | 0x75bf0000 | 0x75d64fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| profapi.dll | 0x75d70000 | 0x75d7efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msasn1.dll | 0x75d80000 | 0x75d8dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msctf.dll | 0x75d90000 | 0x75eaffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sechost.dll | 0x75eb0000 | 0x75ef2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| user32.dll | 0x75f10000 | 0x7604ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel.appcore.dll | 0x76290000 | 0x7629bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shlwapi.dll | 0x762a0000 | 0x762e3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| windows.storage.dll | 0x76380000 | 0x7685cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rpcrt4.dll | 0x76860000 | 0x7690bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shell32.dll | 0x76910000 | 0x77ccefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ole32.dll | 0x77cd0000 | 0x77db9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x77dc0000 | 0x77f38fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffb1ddcffff | Private Memory | Readable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x00007ffb1df92000 | 0x7ffb1df92000 | 0x7ffffffeffff | Private Memory | Readable | | | | |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x1268 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x12cc, os_pid = 0x12c8, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x12c8, proc_address = 0xd10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 19 | | 1 | |
| MEM | ALLOC | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0xd50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0xd90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0xdd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0xe10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0xe50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0xe90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0xed0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0xf10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0xf50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0xf90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0xfd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0x1010000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0x1050000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0x1090000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0x10d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0x1110000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0x1150000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0x1190000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 25 | | 1 | |
| MEM | ALLOC | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0x11d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x11f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0x1210000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0x1250000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x1270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0x1290000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x12a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x12b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x12c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x12d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0x12d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x12e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x12f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0x1310000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0x1350000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0x1390000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x13a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 14 | | 1 | |
| MEM | ALLOC | address = 0x13b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x13c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x13d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0x13d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x13e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x13f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0x1410000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0x1450000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0x1490000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x14a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x14b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x14c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x14d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0x14d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x14e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x14f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0x1510000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0x1550000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 8, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 8 | | 1 | |
| MEM | ALLOC | address = 0x1570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0x1590000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x15a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x15a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x15b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x15b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x15c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x15c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x15d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x15d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0x15d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x15e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x15e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x15f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x15f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0x1610000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 11 | | 1 | |
| MEM | ALLOC | address = 0x1630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0x1650000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 17, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 17 | | 1 | |
| MEM | ALLOC | address = 0x1670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0x1690000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x16a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x16a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x16b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x16b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x16c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x16c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x16d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x16d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0x16d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x16e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x16e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x16f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x16f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0x1710000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x1730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12c8, proc_address = 0x1750000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12c8, size = 142 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #20 / 0x1274 |
| OS Parent PID | 0x1234 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:01:38, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:57 |
| OS Thread IDs | #443 0x1278 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x00000000005f0000 | 0x005f0000 | 0x005f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000600000 | 0x00600000 | 0x00600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000610000 | 0x00610000 | 0x00610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000620000 | 0x00620000 | 0x00620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000630000 | 0x00630000 | 0x00630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000640000 | 0x00640000 | 0x00640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000650000 | 0x00650000 | 0x00650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000660000 | 0x00660000 | 0x00660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000670000 | 0x00670000 | 0x00670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000680000 | 0x00680000 | 0x00680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000690000 | 0x00690000 | 0x00690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006a0000 | 0x006a0000 | 0x006a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006b0000 | 0x006b0000 | 0x006b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006c0000 | 0x006c0000 | 0x006c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006d0000 | 0x006d0000 | 0x006d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006e0000 | 0x006e0000 | 0x006e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006f0000 | 0x006f0000 | 0x006f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000700000 | 0x00700000 | 0x00700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000710000 | 0x00710000 | 0x00710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000720000 | 0x00720000 | 0x00720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000730000 | 0x00730000 | 0x00730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000740000 | 0x00740000 | 0x00740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000750000 | 0x00750000 | 0x00750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000760000 | 0x00760000 | 0x00760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000770000 | 0x00770000 | 0x00770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000780000 | 0x00780000 | 0x00780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000790000 | 0x00790000 | 0x00790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007a0000 | 0x007a0000 | 0x007a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007b0000 | 0x007b0000 | 0x007b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007c0000 | 0x007c0000 | 0x007c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007d0000 | 0x007d0000 | 0x007d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007e0000 | 0x007e0000 | 0x007e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007f0000 | 0x007f0000 | 0x007f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000800000 | 0x00800000 | 0x00800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000810000 | 0x00810000 | 0x00810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000820000 | 0x00820000 | 0x00820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000830000 | 0x00830000 | 0x00830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000840000 | 0x00840000 | 0x00840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000850000 | 0x00850000 | 0x00850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000860000 | 0x00860000 | 0x00860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000870000 | 0x00870000 | 0x00870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000880000 | 0x00880000 | 0x00880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000890000 | 0x00890000 | 0x00890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008a0000 | 0x008a0000 | 0x008a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008b0000 | 0x008b0000 | 0x008b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008c0000 | 0x008c0000 | 0x008c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008d0000 | 0x008d0000 | 0x008d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008e0000 | 0x008e0000 | 0x008e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008f0000 | 0x008f0000 | 0x008f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000900000 | 0x00900000 | 0x00900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000910000 | 0x00910000 | 0x00910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000920000 | 0x00920000 | 0x00920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000930000 | 0x00930000 | 0x00930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000940000 | 0x00940000 | 0x00940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000950000 | 0x00950000 | 0x00950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000960000 | 0x00960000 | 0x00960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000970000 | 0x00970000 | 0x00970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000980000 | 0x00980000 | 0x00980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000990000 | 0x00990000 | 0x00990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009a0000 | 0x009a0000 | 0x009a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009b0000 | 0x009b0000 | 0x009b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009c0000 | 0x009c0000 | 0x009c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009d0000 | 0x009d0000 | 0x009d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009e0000 | 0x009e0000 | 0x009e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009f0000 | 0x009f0000 | 0x009f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a00000 | 0x00a00000 | 0x00a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a10000 | 0x00a10000 | 0x00a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a20000 | 0x00a20000 | 0x00a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a30000 | 0x00a30000 | 0x00a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a40000 | 0x00a40000 | 0x00a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a50000 | 0x00a50000 | 0x00a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a60000 | 0x00a60000 | 0x00a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a70000 | 0x00a70000 | 0x00a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a80000 | 0x00a80000 | 0x00a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a90000 | 0x00a90000 | 0x00a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000aa0000 | 0x00aa0000 | 0x00aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ab0000 | 0x00ab0000 | 0x00ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ac0000 | 0x00ac0000 | 0x00ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ad0000 | 0x00ad0000 | 0x00ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ae0000 | 0x00ae0000 | 0x00ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000af0000 | 0x00af0000 | 0x00af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b00000 | 0x00b00000 | 0x00b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b10000 | 0x00b10000 | 0x00b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b20000 | 0x00b20000 | 0x00b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b30000 | 0x00b30000 | 0x00b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b40000 | 0x00b40000 | 0x00b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b50000 | 0x00b50000 | 0x00b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b60000 | 0x00b60000 | 0x00b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b70000 | 0x00b70000 | 0x00b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b80000 | 0x00b80000 | 0x00b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b90000 | 0x00b90000 | 0x00b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ba0000 | 0x00ba0000 | 0x00ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bb0000 | 0x00bb0000 | 0x00bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bc0000 | 0x00bc0000 | 0x00bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bd0000 | 0x00bd0000 | 0x00bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000be0000 | 0x00be0000 | 0x00be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bf0000 | 0x00bf0000 | 0x00bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c00000 | 0x00c00000 | 0x00c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c10000 | 0x00c10000 | 0x00c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c20000 | 0x00c20000 | 0x00c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c30000 | 0x00c30000 | 0x00c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c40000 | 0x00c40000 | 0x00c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c50000 | 0x00c50000 | 0x00c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c60000 | 0x00c60000 | 0x00c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c70000 | 0x00c70000 | 0x00c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c80000 | 0x00c80000 | 0x00c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c90000 | 0x00c90000 | 0x00c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ca0000 | 0x00ca0000 | 0x00ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cb0000 | 0x00cb0000 | 0x00cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cc0000 | 0x00cc0000 | 0x00cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cd0000 | 0x00cd0000 | 0x00cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ce0000 | 0x00ce0000 | 0x00ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cf0000 | 0x00cf0000 | 0x00cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d00000 | 0x00d00000 | 0x00d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d10000 | 0x00d10000 | 0x00d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d20000 | 0x00d20000 | 0x00d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d30000 | 0x00d30000 | 0x00d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d40000 | 0x00d40000 | 0x00d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d50000 | 0x00d50000 | 0x00d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d60000 | 0x00d60000 | 0x00d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d70000 | 0x00d70000 | 0x00d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d80000 | 0x00d80000 | 0x00d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d90000 | 0x00d90000 | 0x00d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000da0000 | 0x00da0000 | 0x00da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000db0000 | 0x00db0000 | 0x00db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dc0000 | 0x00dc0000 | 0x00dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dd0000 | 0x00dd0000 | 0x00dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000de0000 | 0x00de0000 | 0x00de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000df0000 | 0x00df0000 | 0x00df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e00000 | 0x00e00000 | 0x00e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e10000 | 0x00e10000 | 0x00e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e20000 | 0x00e20000 | 0x00e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e30000 | 0x00e30000 | 0x00e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e40000 | 0x00e40000 | 0x00e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e50000 | 0x00e50000 | 0x00e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e60000 | 0x00e60000 | 0x00e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e70000 | 0x00e70000 | 0x00e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e80000 | 0x00e80000 | 0x00e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e90000 | 0x00e90000 | 0x00e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ea0000 | 0x00ea0000 | 0x00ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000eb0000 | 0x00eb0000 | 0x00eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ec0000 | 0x00ec0000 | 0x00ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ed0000 | 0x00ed0000 | 0x00ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ee0000 | 0x00ee0000 | 0x00ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ef0000 | 0x00ef0000 | 0x00ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f00000 | 0x00f00000 | 0x00f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f10000 | 0x00f10000 | 0x00f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f20000 | 0x00f20000 | 0x00f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f30000 | 0x00f30000 | 0x00f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f40000 | 0x00f40000 | 0x00f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f50000 | 0x00f50000 | 0x00f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f60000 | 0x00f60000 | 0x00f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f70000 | 0x00f70000 | 0x00f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f80000 | 0x00f80000 | 0x00f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f90000 | 0x00f90000 | 0x00f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fa0000 | 0x00fa0000 | 0x00fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fb0000 | 0x00fb0000 | 0x00fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fc0000 | 0x00fc0000 | 0x00fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fd0000 | 0x00fd0000 | 0x00fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fe0000 | 0x00fe0000 | 0x00fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ff0000 | 0x00ff0000 | 0x00ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001000000 | 0x01000000 | 0x01000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001010000 | 0x01010000 | 0x01010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001020000 | 0x01020000 | 0x01020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001030000 | 0x01030000 | 0x01030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001040000 | 0x01040000 | 0x01040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001050000 | 0x01050000 | 0x01050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f3db000 | 0x7f3db000 | 0x7f3dbfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000b6e55f0000 | 0xb6e55f0000 | 0xb6e560ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000b6e5610000 | 0xb6e5610000 | 0xb6e5623fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000b6e5630000 | 0xb6e5630000 | 0xb6e572ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000b6e5730000 | 0xb6e5730000 | 0xb6e5733fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000b6e5740000 | 0xb6e5740000 | 0xb6e5740fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000b6e5750000 | 0xb6e5750000 | 0xb6e5751fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff340000 | 0x7df5ff340000 | 0x7ff5ff33ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fc800000 | 0x7ff7fc800000 | 0x7ff7fc822fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fc82d000 | 0x7ff7fc82d000 | 0x7ff7fc82efff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fc82f000 | 0x7ff7fc82f000 | 0x7ff7fc82ffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x5f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x600000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x610000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x620000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x630000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x640000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x650000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x660000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x670000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x680000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x690000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x6a0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x6b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x6c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x6d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x6e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x6f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x700000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x710000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x720000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x730000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x740000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x750000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x760000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x770000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x780000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x790000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x7a0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x7b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x7c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x7d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x7e0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x7f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x800000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x810000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x820000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x830000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x840000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x850000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x860000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x870000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x880000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x890000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x8a0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x8b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x8c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x8e0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x8f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x900000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x910000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x920000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x930000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x940000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x950000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x960000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x970000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x980000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x990000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x9a0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x9b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x9c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x9d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x9e0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x9f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xa00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xa10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xa20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xa30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xa40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xa50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xa60000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xa70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xa80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xa90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xaa0000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xab0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xac0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xae0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xaf0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xb00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xb10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xb20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xb30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xb40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xb50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xb60000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xb70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xb80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xb90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xba0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xbb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xbc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xbd0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xbe0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xbf0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xc00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xc10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xc20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xc30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xc40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xc50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xc60000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xc70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xc80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xc90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xca0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xcb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xcc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xcd0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xce0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xcf0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xd00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xd20000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xd30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xd40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xd60000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xd70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xd80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xd90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xda0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xdb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xdc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xdd0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xde0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xdf0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xe00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xe10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xe20000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xe30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xe40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xe50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xe60000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xe70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xe80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xe90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xea0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xeb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xec0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xed0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xee0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xef0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xf00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xf10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xf20000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xf30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xf40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xf50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xf60000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xf70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xf80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xf90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xfa0000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xfb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xfc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xfd0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xfe0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0xff0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x1000000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x1010000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x1020000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x1030000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x1040000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1238 | address = 0x1050000, size = 142 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #21 / 0x127c |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:01:38, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:57 |
| OS Thread IDs | #444 0x1280 #445 0x1284 |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Private Memory | Readable, Writable | | | | |
| private_0x00000000001c0000 | 0x001c0000 | 0x001fffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000200000 | 0x00200000 | 0x00200fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000220000 | 0x00220000 | 0x0031ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000360000 | 0x00360000 | 0x0036ffff | Private Memory | Readable, Writable | | | | |
| svhost.exe | 0x00400000 | 0x0057afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| locale.nls | 0x00580000 | 0x0063dfff | Memory Mapped File | Readable | | | | |
| private_0x0000000000640000 | 0x00640000 | 0x0073ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000830000 | 0x00830000 | 0x0083ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000840000 | 0x00840000 | 0x009c7fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x00000000009d0000 | 0x009d0000 | 0x00b50fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000b60000 | 0x00b60000 | 0x01f5ffff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000002030000 | 0x02030000 | 0x0212ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000002130000 | 0x02130000 | 0x0222ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | - | | | | |
| wow64.dll | 0x53cc0000 | 0x53d0efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64cpu.dll | 0x53d10000 | 0x53d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64win.dll | 0x53d20000 | 0x53d92fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntmarta.dll | 0x74ca0000 | 0x74cc7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasman.dll | 0x74cd0000 | 0x74cf2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasapi32.dll | 0x74d00000 | 0x74da3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pstorec.dll | 0x74db0000 | 0x74db7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| apphelp.dll | 0x74dc0000 | 0x74e50fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bcryptprimitives.dll | 0x74e60000 | 0x74eb8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cryptbase.dll | 0x74ec0000 | 0x74ec9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sspicli.dll | 0x74ed0000 | 0x74eedfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcrt.dll | 0x74ef0000 | 0x74fadfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| advapi32.dll | 0x74fb0000 | 0x7502afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| oleaut32.dll | 0x75030000 | 0x750c1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| powrprof.dll | 0x75280000 | 0x752c3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| KernelBase.dll | 0x752e0000 | 0x75455fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| imm32.dll | 0x75460000 | 0x7548afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| combase.dll | 0x75490000 | 0x75649fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel32.dll | 0x75650000 | 0x7573ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| gdi32.dll | 0x75790000 | 0x758dcfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SHCore.dll | 0x75aa0000 | 0x75b2cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| crypt32.dll | 0x75bf0000 | 0x75d64fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| profapi.dll | 0x75d70000 | 0x75d7efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msasn1.dll | 0x75d80000 | 0x75d8dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msctf.dll | 0x75d90000 | 0x75eaffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sechost.dll | 0x75eb0000 | 0x75ef2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| user32.dll | 0x75f10000 | 0x7604ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel.appcore.dll | 0x76290000 | 0x7629bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shlwapi.dll | 0x762a0000 | 0x762e3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| windows.storage.dll | 0x76380000 | 0x7685cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rpcrt4.dll | 0x76860000 | 0x7690bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shell32.dll | 0x76910000 | 0x77ccefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ole32.dll | 0x77cd0000 | 0x77db9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x77dc0000 | 0x77f38fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffb1ddcffff | Private Memory | Readable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x00007ffb1df92000 | 0x7ffb1df92000 | 0x7ffffffeffff | Private Memory | Readable | | | | |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x127c | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x12e4, os_pid = 0x12e0, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x12e0, proc_address = 0x630000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0x670000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0x6b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0x6f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0x730000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0x770000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x7b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0x7b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x7c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x7d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x7e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x7f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0x7f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0x830000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0x870000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0x8b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0x8f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0x930000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0x970000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0x9b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0x9f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0xa30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0xa70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0xab0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 25 | | 1 | |
| MEM | ALLOC | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0xaf0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0xb30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0xb70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0xbb0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0xbf0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0xc30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0xc70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0xcb0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 14 | | 1 | |
| MEM | ALLOC | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0xcf0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0xd30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0xd70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0xdb0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0xdf0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0xe30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0xe70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 8, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 8 | | 1 | |
| MEM | ALLOC | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0xeb0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0xef0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0xf30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 11 | | 1 | |
| MEM | ALLOC | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0xf70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 17, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 17 | | 1 | |
| MEM | ALLOC | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0xfb0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 19 | | 1 | |
| MEM | ALLOC | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0xff0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e0, proc_address = 0x1030000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e0, size = 13 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #22 / 0x1288 |
| OS Parent PID | 0x1240 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:01:39, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:56 |
| OS Thread IDs | #446 0x128C |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000fd0000 | 0x00fd0000 | 0x00fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fe0000 | 0x00fe0000 | 0x00fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ff0000 | 0x00ff0000 | 0x00ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001000000 | 0x01000000 | 0x01000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001010000 | 0x01010000 | 0x01010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001020000 | 0x01020000 | 0x01020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001030000 | 0x01030000 | 0x01030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001040000 | 0x01040000 | 0x01040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001050000 | 0x01050000 | 0x01050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001060000 | 0x01060000 | 0x01060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001070000 | 0x01070000 | 0x01070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001080000 | 0x01080000 | 0x01080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001090000 | 0x01090000 | 0x01090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010a0000 | 0x010a0000 | 0x010a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010b0000 | 0x010b0000 | 0x010b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010c0000 | 0x010c0000 | 0x010c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010d0000 | 0x010d0000 | 0x010d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010e0000 | 0x010e0000 | 0x010e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010f0000 | 0x010f0000 | 0x010f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001100000 | 0x01100000 | 0x01100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001110000 | 0x01110000 | 0x01110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001120000 | 0x01120000 | 0x01120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001130000 | 0x01130000 | 0x01130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001140000 | 0x01140000 | 0x01140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001150000 | 0x01150000 | 0x01150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001160000 | 0x01160000 | 0x01160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001170000 | 0x01170000 | 0x01170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001180000 | 0x01180000 | 0x01180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001190000 | 0x01190000 | 0x01190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011a0000 | 0x011a0000 | 0x011a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011b0000 | 0x011b0000 | 0x011b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011c0000 | 0x011c0000 | 0x011c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011d0000 | 0x011d0000 | 0x011d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011e0000 | 0x011e0000 | 0x011e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011f0000 | 0x011f0000 | 0x011f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001200000 | 0x01200000 | 0x01200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001210000 | 0x01210000 | 0x01210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001220000 | 0x01220000 | 0x01220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001230000 | 0x01230000 | 0x01230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001240000 | 0x01240000 | 0x01240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001250000 | 0x01250000 | 0x01250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001260000 | 0x01260000 | 0x01260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001270000 | 0x01270000 | 0x01270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001280000 | 0x01280000 | 0x01280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001290000 | 0x01290000 | 0x01290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012a0000 | 0x012a0000 | 0x012a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012b0000 | 0x012b0000 | 0x012b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012c0000 | 0x012c0000 | 0x012c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012d0000 | 0x012d0000 | 0x012d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012e0000 | 0x012e0000 | 0x012e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012f0000 | 0x012f0000 | 0x012f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001300000 | 0x01300000 | 0x01300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001310000 | 0x01310000 | 0x01310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001320000 | 0x01320000 | 0x01320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001330000 | 0x01330000 | 0x01330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001340000 | 0x01340000 | 0x01340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001350000 | 0x01350000 | 0x01350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001360000 | 0x01360000 | 0x01360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001370000 | 0x01370000 | 0x01370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001380000 | 0x01380000 | 0x01380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001390000 | 0x01390000 | 0x01390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013a0000 | 0x013a0000 | 0x013a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013b0000 | 0x013b0000 | 0x013b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013c0000 | 0x013c0000 | 0x013c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013d0000 | 0x013d0000 | 0x013d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013e0000 | 0x013e0000 | 0x013e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013f0000 | 0x013f0000 | 0x013f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001400000 | 0x01400000 | 0x01400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001410000 | 0x01410000 | 0x01410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001420000 | 0x01420000 | 0x01420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001430000 | 0x01430000 | 0x01430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001440000 | 0x01440000 | 0x01440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001450000 | 0x01450000 | 0x01450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001460000 | 0x01460000 | 0x01460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001470000 | 0x01470000 | 0x01470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001480000 | 0x01480000 | 0x01480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001490000 | 0x01490000 | 0x01490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014a0000 | 0x014a0000 | 0x014a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014b0000 | 0x014b0000 | 0x014b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014c0000 | 0x014c0000 | 0x014c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014d0000 | 0x014d0000 | 0x014d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014e0000 | 0x014e0000 | 0x014e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014f0000 | 0x014f0000 | 0x014f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001500000 | 0x01500000 | 0x01500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001510000 | 0x01510000 | 0x01510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001520000 | 0x01520000 | 0x01520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001530000 | 0x01530000 | 0x01530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001540000 | 0x01540000 | 0x01540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001550000 | 0x01550000 | 0x01550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001560000 | 0x01560000 | 0x01560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001570000 | 0x01570000 | 0x01570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001580000 | 0x01580000 | 0x01580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001590000 | 0x01590000 | 0x01590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015a0000 | 0x015a0000 | 0x015a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015b0000 | 0x015b0000 | 0x015b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015c0000 | 0x015c0000 | 0x015c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015d0000 | 0x015d0000 | 0x015d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015e0000 | 0x015e0000 | 0x015e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015f0000 | 0x015f0000 | 0x015f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001600000 | 0x01600000 | 0x01600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001610000 | 0x01610000 | 0x01610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001620000 | 0x01620000 | 0x01620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001630000 | 0x01630000 | 0x01630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001640000 | 0x01640000 | 0x01640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001650000 | 0x01650000 | 0x01650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001660000 | 0x01660000 | 0x01660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001670000 | 0x01670000 | 0x01670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001680000 | 0x01680000 | 0x01680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001690000 | 0x01690000 | 0x01690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016a0000 | 0x016a0000 | 0x016a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016b0000 | 0x016b0000 | 0x016b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016c0000 | 0x016c0000 | 0x016c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016d0000 | 0x016d0000 | 0x016d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016e0000 | 0x016e0000 | 0x016e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016f0000 | 0x016f0000 | 0x016f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001700000 | 0x01700000 | 0x01700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001710000 | 0x01710000 | 0x01710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001720000 | 0x01720000 | 0x01720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001730000 | 0x01730000 | 0x01730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001740000 | 0x01740000 | 0x01740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001750000 | 0x01750000 | 0x01750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001760000 | 0x01760000 | 0x01760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001770000 | 0x01770000 | 0x01770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001780000 | 0x01780000 | 0x01780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001790000 | 0x01790000 | 0x01790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017a0000 | 0x017a0000 | 0x017a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017b0000 | 0x017b0000 | 0x017b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017c0000 | 0x017c0000 | 0x017c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017d0000 | 0x017d0000 | 0x017d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017e0000 | 0x017e0000 | 0x017e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017f0000 | 0x017f0000 | 0x017f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001800000 | 0x01800000 | 0x01800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001810000 | 0x01810000 | 0x01810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001820000 | 0x01820000 | 0x01820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001830000 | 0x01830000 | 0x01830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001840000 | 0x01840000 | 0x01840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001850000 | 0x01850000 | 0x01850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001860000 | 0x01860000 | 0x01860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001870000 | 0x01870000 | 0x01870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001880000 | 0x01880000 | 0x01880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001890000 | 0x01890000 | 0x01890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018a0000 | 0x018a0000 | 0x018a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018b0000 | 0x018b0000 | 0x018b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018c0000 | 0x018c0000 | 0x018c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018d0000 | 0x018d0000 | 0x018d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018e0000 | 0x018e0000 | 0x018e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000018f0000 | 0x018f0000 | 0x018f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001900000 | 0x01900000 | 0x01900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001910000 | 0x01910000 | 0x01910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001920000 | 0x01920000 | 0x01920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001930000 | 0x01930000 | 0x01930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001940000 | 0x01940000 | 0x01940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001950000 | 0x01950000 | 0x01950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001960000 | 0x01960000 | 0x01960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001970000 | 0x01970000 | 0x01970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001980000 | 0x01980000 | 0x01980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001990000 | 0x01990000 | 0x01990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019a0000 | 0x019a0000 | 0x019a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019b0000 | 0x019b0000 | 0x019b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019c0000 | 0x019c0000 | 0x019c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019d0000 | 0x019d0000 | 0x019d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019e0000 | 0x019e0000 | 0x019e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000019f0000 | 0x019f0000 | 0x019f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a00000 | 0x01a00000 | 0x01a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a10000 | 0x01a10000 | 0x01a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a20000 | 0x01a20000 | 0x01a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a30000 | 0x01a30000 | 0x01a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a40000 | 0x01a40000 | 0x01a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a50000 | 0x01a50000 | 0x01a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a60000 | 0x01a60000 | 0x01a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a70000 | 0x01a70000 | 0x01a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a80000 | 0x01a80000 | 0x01a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001a90000 | 0x01a90000 | 0x01a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001aa0000 | 0x01aa0000 | 0x01aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ab0000 | 0x01ab0000 | 0x01ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001ac0000 | 0x01ac0000 | 0x01ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f2c8000 | 0x7f2c8000 | 0x7f2c8fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000a7affd0000 | 0xa7affd0000 | 0xa7affeffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000a7afff0000 | 0xa7afff0000 | 0xa7b0003fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000a7b0010000 | 0xa7b0010000 | 0xa7b010ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000a7b0110000 | 0xa7b0110000 | 0xa7b0113fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000a7b0120000 | 0xa7b0120000 | 0xa7b0120fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000a7b0130000 | 0xa7b0130000 | 0xa7b0131fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ffe60000 | 0x7df5ffe60000 | 0x7ff5ffe5ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fc670000 | 0x7ff7fc670000 | 0x7ff7fc692fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fc69d000 | 0x7ff7fc69d000 | 0x7ff7fc69efff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fc69f000 | 0x7ff7fc69f000 | 0x7ff7fc69ffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0xfd0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0xfe0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0xff0000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1000000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1010000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1020000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1030000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1040000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1050000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1060000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1070000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1080000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1090000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x10a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x10b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x10c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x10d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x10e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x10f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1100000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1110000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1120000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1130000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1140000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1150000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1160000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1170000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1180000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1190000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x11a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x11c0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x11d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x11e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1200000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1210000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1220000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1240000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1250000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1260000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1280000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1290000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x12a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x12c0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x12d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x12e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1300000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1310000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1320000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1340000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1350000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1360000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1380000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1390000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x13a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x13c0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x13d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x13e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1400000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1410000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1420000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1440000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1450000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1460000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1470000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1480000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1490000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x14a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x14b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x14c0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x14d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x14f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1500000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1510000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1520000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1530000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1540000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1550000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1560000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1570000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1580000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1590000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x15a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x15c0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x15d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x15e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1600000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1610000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1620000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1640000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1650000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1660000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1680000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1690000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x16a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x16c0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x16d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x16e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1700000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1710000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1720000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1740000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1750000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1760000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1780000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1790000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x17a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x17c0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x17d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x17e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1800000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1810000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1820000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1840000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1850000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1870000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1880000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1890000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x18a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x18b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x18c0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x18d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x18e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x18f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1900000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1910000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1920000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1930000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1940000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1950000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1960000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1980000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1990000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x19b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x19c0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x19d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x19f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1a00000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1a10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1a20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1a30000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1a40000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1a50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1a60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1a70000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1a80000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1a90000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1aa0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | address = 0x1ac0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1244 | No corresponding api call detected. Probably injected code via shellcode. | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #23 / 0x1290 |
| OS Parent PID | 0x124c (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:01:39, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:56 |
| OS Thread IDs | #447 0x1294 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x00000000002a0000 | 0x002a0000 | 0x002a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002b0000 | 0x002b0000 | 0x002b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002c0000 | 0x002c0000 | 0x002c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002d0000 | 0x002d0000 | 0x002d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002e0000 | 0x002e0000 | 0x002e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002f0000 | 0x002f0000 | 0x002f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000300000 | 0x00300000 | 0x00300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000310000 | 0x00310000 | 0x00310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000320000 | 0x00320000 | 0x00320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000330000 | 0x00330000 | 0x00330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000340000 | 0x00340000 | 0x00340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000350000 | 0x00350000 | 0x00350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000360000 | 0x00360000 | 0x00360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000370000 | 0x00370000 | 0x00370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000380000 | 0x00380000 | 0x00380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000390000 | 0x00390000 | 0x00390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003a0000 | 0x003a0000 | 0x003a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003b0000 | 0x003b0000 | 0x003b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003c0000 | 0x003c0000 | 0x003c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003d0000 | 0x003d0000 | 0x003d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003e0000 | 0x003e0000 | 0x003e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003f0000 | 0x003f0000 | 0x003f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000400000 | 0x00400000 | 0x00400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000410000 | 0x00410000 | 0x00410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000420000 | 0x00420000 | 0x00420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000430000 | 0x00430000 | 0x00430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000440000 | 0x00440000 | 0x00440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000450000 | 0x00450000 | 0x00450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000460000 | 0x00460000 | 0x00460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000470000 | 0x00470000 | 0x00470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000480000 | 0x00480000 | 0x00480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000490000 | 0x00490000 | 0x00490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004a0000 | 0x004a0000 | 0x004a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004b0000 | 0x004b0000 | 0x004b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004c0000 | 0x004c0000 | 0x004c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004d0000 | 0x004d0000 | 0x004d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004e0000 | 0x004e0000 | 0x004e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004f0000 | 0x004f0000 | 0x004f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000500000 | 0x00500000 | 0x00500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000510000 | 0x00510000 | 0x00510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000520000 | 0x00520000 | 0x00520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000530000 | 0x00530000 | 0x00530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000540000 | 0x00540000 | 0x00540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000550000 | 0x00550000 | 0x00550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000560000 | 0x00560000 | 0x00560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000570000 | 0x00570000 | 0x00570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000580000 | 0x00580000 | 0x00580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000590000 | 0x00590000 | 0x00590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005a0000 | 0x005a0000 | 0x005a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005b0000 | 0x005b0000 | 0x005b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005c0000 | 0x005c0000 | 0x005c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005d0000 | 0x005d0000 | 0x005d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005e0000 | 0x005e0000 | 0x005e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005f0000 | 0x005f0000 | 0x005f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000600000 | 0x00600000 | 0x00600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000610000 | 0x00610000 | 0x00610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000620000 | 0x00620000 | 0x00620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000630000 | 0x00630000 | 0x00630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000640000 | 0x00640000 | 0x00640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000650000 | 0x00650000 | 0x00650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000660000 | 0x00660000 | 0x00660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000670000 | 0x00670000 | 0x00670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000680000 | 0x00680000 | 0x00680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000690000 | 0x00690000 | 0x00690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006a0000 | 0x006a0000 | 0x006a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006b0000 | 0x006b0000 | 0x006b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006c0000 | 0x006c0000 | 0x006c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006d0000 | 0x006d0000 | 0x006d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006e0000 | 0x006e0000 | 0x006e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006f0000 | 0x006f0000 | 0x006f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000700000 | 0x00700000 | 0x00700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000710000 | 0x00710000 | 0x00710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000720000 | 0x00720000 | 0x00720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000730000 | 0x00730000 | 0x00730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000740000 | 0x00740000 | 0x00740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000750000 | 0x00750000 | 0x00750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000760000 | 0x00760000 | 0x00760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000770000 | 0x00770000 | 0x00770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000780000 | 0x00780000 | 0x00780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000790000 | 0x00790000 | 0x00790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007a0000 | 0x007a0000 | 0x007a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007b0000 | 0x007b0000 | 0x007b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007c0000 | 0x007c0000 | 0x007c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007d0000 | 0x007d0000 | 0x007d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007e0000 | 0x007e0000 | 0x007e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007f0000 | 0x007f0000 | 0x007f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000800000 | 0x00800000 | 0x00800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000810000 | 0x00810000 | 0x00810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000820000 | 0x00820000 | 0x00820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000830000 | 0x00830000 | 0x00830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000840000 | 0x00840000 | 0x00840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000850000 | 0x00850000 | 0x00850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000860000 | 0x00860000 | 0x00860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000870000 | 0x00870000 | 0x00870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000880000 | 0x00880000 | 0x00880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000890000 | 0x00890000 | 0x00890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008a0000 | 0x008a0000 | 0x008a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008b0000 | 0x008b0000 | 0x008b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008c0000 | 0x008c0000 | 0x008c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008d0000 | 0x008d0000 | 0x008d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008e0000 | 0x008e0000 | 0x008e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008f0000 | 0x008f0000 | 0x008f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000900000 | 0x00900000 | 0x00900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000910000 | 0x00910000 | 0x00910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000920000 | 0x00920000 | 0x00920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000930000 | 0x00930000 | 0x00930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000940000 | 0x00940000 | 0x00940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000950000 | 0x00950000 | 0x00950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000960000 | 0x00960000 | 0x00960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000970000 | 0x00970000 | 0x00970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000980000 | 0x00980000 | 0x00980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000990000 | 0x00990000 | 0x00990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009a0000 | 0x009a0000 | 0x009a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009b0000 | 0x009b0000 | 0x009b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009c0000 | 0x009c0000 | 0x009c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009d0000 | 0x009d0000 | 0x009d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009e0000 | 0x009e0000 | 0x009e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009f0000 | 0x009f0000 | 0x009f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a00000 | 0x00a00000 | 0x00a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a10000 | 0x00a10000 | 0x00a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a20000 | 0x00a20000 | 0x00a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a30000 | 0x00a30000 | 0x00a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a40000 | 0x00a40000 | 0x00a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a50000 | 0x00a50000 | 0x00a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a60000 | 0x00a60000 | 0x00a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a70000 | 0x00a70000 | 0x00a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a80000 | 0x00a80000 | 0x00a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a90000 | 0x00a90000 | 0x00a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000aa0000 | 0x00aa0000 | 0x00aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ab0000 | 0x00ab0000 | 0x00ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ac0000 | 0x00ac0000 | 0x00ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ad0000 | 0x00ad0000 | 0x00ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ae0000 | 0x00ae0000 | 0x00ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000af0000 | 0x00af0000 | 0x00af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b00000 | 0x00b00000 | 0x00b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b10000 | 0x00b10000 | 0x00b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b20000 | 0x00b20000 | 0x00b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b30000 | 0x00b30000 | 0x00b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b40000 | 0x00b40000 | 0x00b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b50000 | 0x00b50000 | 0x00b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b60000 | 0x00b60000 | 0x00b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b70000 | 0x00b70000 | 0x00b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b80000 | 0x00b80000 | 0x00b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b90000 | 0x00b90000 | 0x00b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ba0000 | 0x00ba0000 | 0x00ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bb0000 | 0x00bb0000 | 0x00bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bc0000 | 0x00bc0000 | 0x00bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bd0000 | 0x00bd0000 | 0x00bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000be0000 | 0x00be0000 | 0x00be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bf0000 | 0x00bf0000 | 0x00bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c00000 | 0x00c00000 | 0x00c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c10000 | 0x00c10000 | 0x00c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c20000 | 0x00c20000 | 0x00c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c30000 | 0x00c30000 | 0x00c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c40000 | 0x00c40000 | 0x00c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c50000 | 0x00c50000 | 0x00c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c60000 | 0x00c60000 | 0x00c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c70000 | 0x00c70000 | 0x00c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c80000 | 0x00c80000 | 0x00c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c90000 | 0x00c90000 | 0x00c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ca0000 | 0x00ca0000 | 0x00ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cb0000 | 0x00cb0000 | 0x00cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cc0000 | 0x00cc0000 | 0x00cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cd0000 | 0x00cd0000 | 0x00cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ce0000 | 0x00ce0000 | 0x00ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cf0000 | 0x00cf0000 | 0x00cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d00000 | 0x00d00000 | 0x00d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d10000 | 0x00d10000 | 0x00d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d20000 | 0x00d20000 | 0x00d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d30000 | 0x00d30000 | 0x00d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007feca000 | 0x7feca000 | 0x7fecafff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x0000009a442a0000 | 0x9a442a0000 | 0x9a442bffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000009a442c0000 | 0x9a442c0000 | 0x9a442d3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000009a442e0000 | 0x9a442e0000 | 0x9a443dffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000009a443e0000 | 0x9a443e0000 | 0x9a443e3fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000009a443f0000 | 0x9a443f0000 | 0x9a443f0fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000009a44400000 | 0x9a44400000 | 0x9a44401fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff840000 | 0x7df5ff840000 | 0x7ff5ff83ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fd360000 | 0x7ff7fd360000 | 0x7ff7fd382fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fd385000 | 0x7ff7fd385000 | 0x7ff7fd385fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fd38e000 | 0x7ff7fd38e000 | 0x7ff7fd38ffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x2a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x2b0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x2c0000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x2d0000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x2e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x2f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x300000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x310000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x320000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x330000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x340000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x350000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x360000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x370000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x380000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x390000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x3a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x3b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x3c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x3d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x3e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x3f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x400000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x410000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x420000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x430000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x440000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x450000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x460000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x480000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x490000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x4a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x4d0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x4e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x510000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x520000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x540000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x550000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x560000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x580000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x590000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x5a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x5c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x5d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x5e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x5f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x610000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x620000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x630000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x650000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x660000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x670000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x690000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x6a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x6b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x6d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x6e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x700000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x710000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x720000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x730000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x740000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x760000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x770000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x780000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x790000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x7a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x7b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x7c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x7d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x7e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x7f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x800000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x810000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x820000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x830000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x840000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x850000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x860000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x870000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x880000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x890000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x8a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x8b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x8c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x8d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x8e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x900000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x910000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x920000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x930000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x940000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x950000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x970000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x980000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x990000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x9a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x9b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x9c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x9d0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x9e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0x9f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xa00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xa10000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xa20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xa30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xa40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xa50000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xa60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xa70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xa80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xa90000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xaa0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xab0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xac0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xad0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xae0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xaf0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xb10000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xb20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xb30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xb40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xb50000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xb60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xb70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xb90000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xba0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xbb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xbd0000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xbe0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xbf0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xc00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xc10000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xc20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xc30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xc40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xc50000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xc60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xc70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xc80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xc90000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xca0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xcb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xcc0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xcd0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xce0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xcf0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xd00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xd10000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | address = 0xd30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1250 | No corresponding api call detected. Probably injected code via shellcode. | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #24 / 0x1298 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:01:39, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:56 |
| OS Thread IDs | #448 0x129C #450 0x12B0 |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Private Memory | Readable, Writable | | | | |
| locale.nls | 0x001c0000 | 0x0027dfff | Memory Mapped File | Readable | | | | |
| private_0x0000000000280000 | 0x00280000 | 0x002bffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000002c0000 | 0x002c0000 | 0x002c0fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000350000 | 0x00350000 | 0x0035ffff | Private Memory | Readable, Writable | | | | |
| svhost.exe | 0x00400000 | 0x0057afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x0000000000620000 | 0x00620000 | 0x0071ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000720000 | 0x00720000 | 0x0081ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000900000 | 0x00900000 | 0x0090ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000910000 | 0x00910000 | 0x00a97fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000aa0000 | 0x00aa0000 | 0x00c20fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000c30000 | 0x00c30000 | 0x0202ffff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000002100000 | 0x02100000 | 0x021fffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000002200000 | 0x02200000 | 0x022fffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | - | | | | |
| wow64.dll | 0x53cc0000 | 0x53d0efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64cpu.dll | 0x53d10000 | 0x53d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64win.dll | 0x53d20000 | 0x53d92fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntmarta.dll | 0x74ca0000 | 0x74cc7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasman.dll | 0x74cd0000 | 0x74cf2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasapi32.dll | 0x74d00000 | 0x74da3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pstorec.dll | 0x74db0000 | 0x74db7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| apphelp.dll | 0x74dc0000 | 0x74e50fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bcryptprimitives.dll | 0x74e60000 | 0x74eb8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cryptbase.dll | 0x74ec0000 | 0x74ec9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sspicli.dll | 0x74ed0000 | 0x74eedfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcrt.dll | 0x74ef0000 | 0x74fadfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| advapi32.dll | 0x74fb0000 | 0x7502afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| oleaut32.dll | 0x75030000 | 0x750c1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| powrprof.dll | 0x75280000 | 0x752c3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| KernelBase.dll | 0x752e0000 | 0x75455fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| imm32.dll | 0x75460000 | 0x7548afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| combase.dll | 0x75490000 | 0x75649fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel32.dll | 0x75650000 | 0x7573ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| gdi32.dll | 0x75790000 | 0x758dcfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SHCore.dll | 0x75aa0000 | 0x75b2cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| crypt32.dll | 0x75bf0000 | 0x75d64fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| profapi.dll | 0x75d70000 | 0x75d7efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msasn1.dll | 0x75d80000 | 0x75d8dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msctf.dll | 0x75d90000 | 0x75eaffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sechost.dll | 0x75eb0000 | 0x75ef2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| user32.dll | 0x75f10000 | 0x7604ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel.appcore.dll | 0x76290000 | 0x7629bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shlwapi.dll | 0x762a0000 | 0x762e3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| windows.storage.dll | 0x76380000 | 0x7685cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rpcrt4.dll | 0x76860000 | 0x7690bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shell32.dll | 0x76910000 | 0x77ccefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ole32.dll | 0x77cd0000 | 0x77db9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x77dc0000 | 0x77f38fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffb1ddcffff | Private Memory | Readable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x00007ffb1df92000 | 0x7ffb1df92000 | 0x7ffffffeffff | Private Memory | Readable | | | | |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x1298 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x12ec, os_pid = 0x12e8, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x12e8, proc_address = 0xb10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 19 | | 1 | |
| MEM | ALLOC | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0xb50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0xb90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0xbd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0xc10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0xc50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0xc90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0xcd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0xd10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0xd50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0xd90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0xdd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0xe10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0xe50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0xe90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0xed0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0xf10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0xf50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0xf90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 25 | | 1 | |
| MEM | ALLOC | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0xfd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0x1010000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0x1050000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0x1090000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0x10d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0x1110000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0x1150000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0x1190000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 14 | | 1 | |
| MEM | ALLOC | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0x11d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x11f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0x1210000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0x1250000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0x1290000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x12a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x12b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x12c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x12d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0x12d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x12e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x12f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0x1310000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0x1350000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 8, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 8 | | 1 | |
| MEM | ALLOC | address = 0x1370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0x1390000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x13a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x13b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x13c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x13d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0x13d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x13e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x13f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0x1410000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 11 | | 1 | |
| MEM | ALLOC | address = 0x1430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0x1450000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 17, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 17 | | 1 | |
| MEM | ALLOC | address = 0x1470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12e8, proc_address = 0x1490000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x14a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 19 | | 1 | |
| MEM | ALLOC | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12e8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #25 / 0x12a8 |
| OS Parent PID | 0x1258 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:01:39, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:56 |
| OS Thread IDs | #449 0x12AC |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x00000000008e0000 | 0x008e0000 | 0x008e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008f0000 | 0x008f0000 | 0x008f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000900000 | 0x00900000 | 0x00900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000910000 | 0x00910000 | 0x00910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000920000 | 0x00920000 | 0x00920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000930000 | 0x00930000 | 0x00930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000940000 | 0x00940000 | 0x00940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000950000 | 0x00950000 | 0x00950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000960000 | 0x00960000 | 0x00960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000970000 | 0x00970000 | 0x00970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000980000 | 0x00980000 | 0x00980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000990000 | 0x00990000 | 0x00990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009a0000 | 0x009a0000 | 0x009a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009b0000 | 0x009b0000 | 0x009b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009c0000 | 0x009c0000 | 0x009c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009d0000 | 0x009d0000 | 0x009d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009e0000 | 0x009e0000 | 0x009e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009f0000 | 0x009f0000 | 0x009f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a00000 | 0x00a00000 | 0x00a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a10000 | 0x00a10000 | 0x00a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a20000 | 0x00a20000 | 0x00a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a30000 | 0x00a30000 | 0x00a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a40000 | 0x00a40000 | 0x00a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a50000 | 0x00a50000 | 0x00a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a60000 | 0x00a60000 | 0x00a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a70000 | 0x00a70000 | 0x00a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a80000 | 0x00a80000 | 0x00a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a90000 | 0x00a90000 | 0x00a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000aa0000 | 0x00aa0000 | 0x00aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ab0000 | 0x00ab0000 | 0x00ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ac0000 | 0x00ac0000 | 0x00ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ad0000 | 0x00ad0000 | 0x00ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ae0000 | 0x00ae0000 | 0x00ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000af0000 | 0x00af0000 | 0x00af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b00000 | 0x00b00000 | 0x00b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b10000 | 0x00b10000 | 0x00b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b20000 | 0x00b20000 | 0x00b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b30000 | 0x00b30000 | 0x00b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b40000 | 0x00b40000 | 0x00b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b50000 | 0x00b50000 | 0x00b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b60000 | 0x00b60000 | 0x00b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b70000 | 0x00b70000 | 0x00b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b80000 | 0x00b80000 | 0x00b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b90000 | 0x00b90000 | 0x00b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ba0000 | 0x00ba0000 | 0x00ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bb0000 | 0x00bb0000 | 0x00bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bc0000 | 0x00bc0000 | 0x00bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bd0000 | 0x00bd0000 | 0x00bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000be0000 | 0x00be0000 | 0x00be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bf0000 | 0x00bf0000 | 0x00bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c00000 | 0x00c00000 | 0x00c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c10000 | 0x00c10000 | 0x00c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c20000 | 0x00c20000 | 0x00c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c30000 | 0x00c30000 | 0x00c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c40000 | 0x00c40000 | 0x00c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c50000 | 0x00c50000 | 0x00c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c60000 | 0x00c60000 | 0x00c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c70000 | 0x00c70000 | 0x00c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c80000 | 0x00c80000 | 0x00c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c90000 | 0x00c90000 | 0x00c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ca0000 | 0x00ca0000 | 0x00ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cb0000 | 0x00cb0000 | 0x00cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cc0000 | 0x00cc0000 | 0x00cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cd0000 | 0x00cd0000 | 0x00cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ce0000 | 0x00ce0000 | 0x00ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cf0000 | 0x00cf0000 | 0x00cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d00000 | 0x00d00000 | 0x00d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d10000 | 0x00d10000 | 0x00d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d20000 | 0x00d20000 | 0x00d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d30000 | 0x00d30000 | 0x00d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d40000 | 0x00d40000 | 0x00d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d50000 | 0x00d50000 | 0x00d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d60000 | 0x00d60000 | 0x00d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d70000 | 0x00d70000 | 0x00d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d80000 | 0x00d80000 | 0x00d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d90000 | 0x00d90000 | 0x00d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000da0000 | 0x00da0000 | 0x00da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000db0000 | 0x00db0000 | 0x00db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dc0000 | 0x00dc0000 | 0x00dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dd0000 | 0x00dd0000 | 0x00dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000de0000 | 0x00de0000 | 0x00de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000df0000 | 0x00df0000 | 0x00df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e00000 | 0x00e00000 | 0x00e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e10000 | 0x00e10000 | 0x00e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e20000 | 0x00e20000 | 0x00e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e30000 | 0x00e30000 | 0x00e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e40000 | 0x00e40000 | 0x00e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e50000 | 0x00e50000 | 0x00e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e60000 | 0x00e60000 | 0x00e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e70000 | 0x00e70000 | 0x00e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e80000 | 0x00e80000 | 0x00e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e90000 | 0x00e90000 | 0x00e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ea0000 | 0x00ea0000 | 0x00ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000eb0000 | 0x00eb0000 | 0x00eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ec0000 | 0x00ec0000 | 0x00ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ed0000 | 0x00ed0000 | 0x00ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ee0000 | 0x00ee0000 | 0x00ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ef0000 | 0x00ef0000 | 0x00ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f00000 | 0x00f00000 | 0x00f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f10000 | 0x00f10000 | 0x00f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f20000 | 0x00f20000 | 0x00f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f30000 | 0x00f30000 | 0x00f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f40000 | 0x00f40000 | 0x00f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f50000 | 0x00f50000 | 0x00f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f60000 | 0x00f60000 | 0x00f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f70000 | 0x00f70000 | 0x00f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f80000 | 0x00f80000 | 0x00f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f90000 | 0x00f90000 | 0x00f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fa0000 | 0x00fa0000 | 0x00fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fb0000 | 0x00fb0000 | 0x00fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fc0000 | 0x00fc0000 | 0x00fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fd0000 | 0x00fd0000 | 0x00fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fe0000 | 0x00fe0000 | 0x00fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ff0000 | 0x00ff0000 | 0x00ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001000000 | 0x01000000 | 0x01000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001010000 | 0x01010000 | 0x01010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001020000 | 0x01020000 | 0x01020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001030000 | 0x01030000 | 0x01030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001040000 | 0x01040000 | 0x01040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001050000 | 0x01050000 | 0x01050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001060000 | 0x01060000 | 0x01060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001070000 | 0x01070000 | 0x01070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001080000 | 0x01080000 | 0x01080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001090000 | 0x01090000 | 0x01090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010a0000 | 0x010a0000 | 0x010a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010b0000 | 0x010b0000 | 0x010b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010c0000 | 0x010c0000 | 0x010c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010d0000 | 0x010d0000 | 0x010d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010e0000 | 0x010e0000 | 0x010e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010f0000 | 0x010f0000 | 0x010f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001100000 | 0x01100000 | 0x01100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001110000 | 0x01110000 | 0x01110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001120000 | 0x01120000 | 0x01120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001130000 | 0x01130000 | 0x01130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001140000 | 0x01140000 | 0x01140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001150000 | 0x01150000 | 0x01150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001160000 | 0x01160000 | 0x01160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001170000 | 0x01170000 | 0x01170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001180000 | 0x01180000 | 0x01180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001190000 | 0x01190000 | 0x01190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011a0000 | 0x011a0000 | 0x011a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011b0000 | 0x011b0000 | 0x011b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011c0000 | 0x011c0000 | 0x011c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011d0000 | 0x011d0000 | 0x011d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011e0000 | 0x011e0000 | 0x011e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011f0000 | 0x011f0000 | 0x011f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001200000 | 0x01200000 | 0x01200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001210000 | 0x01210000 | 0x01210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001220000 | 0x01220000 | 0x01220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001230000 | 0x01230000 | 0x01230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001240000 | 0x01240000 | 0x01240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001250000 | 0x01250000 | 0x01250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001260000 | 0x01260000 | 0x01260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001270000 | 0x01270000 | 0x01270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001280000 | 0x01280000 | 0x01280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001290000 | 0x01290000 | 0x01290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012a0000 | 0x012a0000 | 0x012a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012b0000 | 0x012b0000 | 0x012b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012c0000 | 0x012c0000 | 0x012c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012d0000 | 0x012d0000 | 0x012d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012e0000 | 0x012e0000 | 0x012e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012f0000 | 0x012f0000 | 0x012f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001300000 | 0x01300000 | 0x01300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001310000 | 0x01310000 | 0x01310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001320000 | 0x01320000 | 0x01320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001330000 | 0x01330000 | 0x01330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001340000 | 0x01340000 | 0x01340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001350000 | 0x01350000 | 0x01350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001360000 | 0x01360000 | 0x01360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f249000 | 0x7f249000 | 0x7f249fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x0000006f4b8e0000 | 0x6f4b8e0000 | 0x6f4b8fffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000006f4b900000 | 0x6f4b900000 | 0x6f4b913fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000006f4b920000 | 0x6f4b920000 | 0x6f4ba1ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000006f4ba20000 | 0x6f4ba20000 | 0x6f4ba23fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000006f4ba30000 | 0x6f4ba30000 | 0x6f4ba30fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000006f4ba40000 | 0x6f4ba40000 | 0x6f4ba41fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ffb70000 | 0x7df5ffb70000 | 0x7ff5ffb6ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fca60000 | 0x7ff7fca60000 | 0x7ff7fca82fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fca85000 | 0x7ff7fca85000 | 0x7ff7fca85fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fca8e000 | 0x7ff7fca8e000 | 0x7ff7fca8ffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x8e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x8f0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x900000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x910000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x920000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x930000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x940000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x950000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x960000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x970000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x980000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x990000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x9a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x9b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x9c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x9d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x9e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x9f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xa00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xa10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xa20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xa30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xa40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xa50000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xa60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xa70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xa90000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xaa0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xab0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xac0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xad0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xae0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xaf0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xb00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xb10000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xb20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xb30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xb40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xb50000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xb60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xb70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xb80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xb90000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xba0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xbb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xbc0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xbd0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xbe0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xbf0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xc00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xc20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xc30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xc40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xc50000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xc60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xc70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xc80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xc90000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xca0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xcb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xcc0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xcd0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xce0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xcf0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xd00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xd10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xd20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xd30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xd40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xd50000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xd60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xd70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xd80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xd90000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xda0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xdb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xdc0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xdd0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xde0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xdf0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xe00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xe10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xe20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xe30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xe40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xe50000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xe60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xe70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xe90000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xea0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xeb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xec0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xed0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xee0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xef0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xf10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xf20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xf30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xf40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xf50000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xf60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xf70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xf80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xf90000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xfa0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xfb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xfc0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xfd0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xfe0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0xff0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1000000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1010000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1020000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1030000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1050000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1060000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1070000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1090000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x10a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x10b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x10c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x10d0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x10e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x10f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1110000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1120000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1130000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1150000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1160000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1170000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1180000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1190000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x11a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x11b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x11c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x11d0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x11e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x11f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1200000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1210000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1220000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1230000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1250000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1260000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1270000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1280000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1290000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x12a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x12b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x12c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x12d0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x12e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x12f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1300000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1310000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1320000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1330000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1340000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1350000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x125c | address = 0x1360000, size = 13 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #26 / 0x12b4 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:01:40, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:55 |
| OS Thread IDs | #451 0x12B8 #452 0x12BC |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Private Memory | Readable, Writable | | | | |
| locale.nls | 0x001c0000 | 0x0027dfff | Memory Mapped File | Readable | | | | |
| private_0x0000000000280000 | 0x00280000 | 0x002bffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000002c0000 | 0x002c0000 | 0x002c0fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000390000 | 0x00390000 | 0x0039ffff | Private Memory | Readable, Writable | | | | |
| svhost.exe | 0x00400000 | 0x0057afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x0000000000660000 | 0x00660000 | 0x0075ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000760000 | 0x00760000 | 0x0085ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000860000 | 0x00860000 | 0x0095ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000009e0000 | 0x009e0000 | 0x009effff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000009f0000 | 0x009f0000 | 0x00b77fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000b80000 | 0x00b80000 | 0x00d00fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000d10000 | 0x00d10000 | 0x0210ffff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000002110000 | 0x02110000 | 0x0220ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | - | | | | |
| wow64.dll | 0x53cc0000 | 0x53d0efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64cpu.dll | 0x53d10000 | 0x53d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64win.dll | 0x53d20000 | 0x53d92fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntmarta.dll | 0x74ca0000 | 0x74cc7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasman.dll | 0x74cd0000 | 0x74cf2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasapi32.dll | 0x74d00000 | 0x74da3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pstorec.dll | 0x74db0000 | 0x74db7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| apphelp.dll | 0x74dc0000 | 0x74e50fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bcryptprimitives.dll | 0x74e60000 | 0x74eb8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cryptbase.dll | 0x74ec0000 | 0x74ec9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sspicli.dll | 0x74ed0000 | 0x74eedfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcrt.dll | 0x74ef0000 | 0x74fadfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| advapi32.dll | 0x74fb0000 | 0x7502afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| oleaut32.dll | 0x75030000 | 0x750c1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| powrprof.dll | 0x75280000 | 0x752c3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| KernelBase.dll | 0x752e0000 | 0x75455fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| imm32.dll | 0x75460000 | 0x7548afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| combase.dll | 0x75490000 | 0x75649fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel32.dll | 0x75650000 | 0x7573ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| gdi32.dll | 0x75790000 | 0x758dcfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SHCore.dll | 0x75aa0000 | 0x75b2cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| crypt32.dll | 0x75bf0000 | 0x75d64fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| profapi.dll | 0x75d70000 | 0x75d7efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msasn1.dll | 0x75d80000 | 0x75d8dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msctf.dll | 0x75d90000 | 0x75eaffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sechost.dll | 0x75eb0000 | 0x75ef2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| user32.dll | 0x75f10000 | 0x7604ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel.appcore.dll | 0x76290000 | 0x7629bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shlwapi.dll | 0x762a0000 | 0x762e3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| windows.storage.dll | 0x76380000 | 0x7685cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rpcrt4.dll | 0x76860000 | 0x7690bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shell32.dll | 0x76910000 | 0x77ccefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ole32.dll | 0x77cd0000 | 0x77db9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x77dc0000 | 0x77f38fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffb1ddcffff | Private Memory | Readable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x00007ffb1df92000 | 0x7ffb1df92000 | 0x7ffffffeffff | Private Memory | Readable | | | | |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x12b4 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1314, os_pid = 0x1310, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0x510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x1310, proc_address = 0x530000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0x570000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x5a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x5b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0x5b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x5c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x5d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x5e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x5f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0x5f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0x630000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0x670000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0x6b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0x6f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0x730000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0x770000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x7b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0x7b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x7c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x7d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x7e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x7f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0x7f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0x830000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0x870000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0x8b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0x8f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0x930000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0x970000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0x9b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 25 | | 1 | |
| MEM | ALLOC | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0x9f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0xa30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0xa70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0xab0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0xaf0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0xb30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0xb70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0xbb0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 14 | | 1 | |
| MEM | ALLOC | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0xbf0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0xc30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0xc70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0xcb0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0xcf0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0xd30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0xd70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 8, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 8 | | 1 | |
| MEM | ALLOC | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0xdb0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0xdf0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0xe30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 11 | | 1 | |
| MEM | ALLOC | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0xe70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 17, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 17 | | 1 | |
| MEM | ALLOC | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0xeb0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 19 | | 1 | |
| MEM | ALLOC | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0xef0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1310, proc_address = 0xf30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1310, size = 13 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #27 / 0x12c0 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:01:40, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:55 |
| OS Thread IDs | #453 0x12C4 #455 0x12D0 |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Private Memory | Readable, Writable | | | | |
| private_0x00000000001c0000 | 0x001c0000 | 0x001fffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000200000 | 0x00200000 | 0x00200fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000210000 | 0x00210000 | 0x0021ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000240000 | 0x00240000 | 0x0024ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000280000 | 0x00280000 | 0x0037ffff | Private Memory | Readable, Writable | | | | |
| svhost.exe | 0x00400000 | 0x0057afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| locale.nls | 0x00580000 | 0x0063dfff | Memory Mapped File | Readable | | | | |
| private_0x0000000000640000 | 0x00640000 | 0x0073ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000740000 | 0x00740000 | 0x008c7fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x00000000008d0000 | 0x008d0000 | 0x00a50fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000a60000 | 0x00a60000 | 0x01e5ffff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000001e60000 | 0x01e60000 | 0x01f5ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000002000000 | 0x02000000 | 0x020fffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | - | | | | |
| wow64.dll | 0x53cc0000 | 0x53d0efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64cpu.dll | 0x53d10000 | 0x53d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64win.dll | 0x53d20000 | 0x53d92fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntmarta.dll | 0x74ca0000 | 0x74cc7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasman.dll | 0x74cd0000 | 0x74cf2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasapi32.dll | 0x74d00000 | 0x74da3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pstorec.dll | 0x74db0000 | 0x74db7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| apphelp.dll | 0x74dc0000 | 0x74e50fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bcryptprimitives.dll | 0x74e60000 | 0x74eb8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cryptbase.dll | 0x74ec0000 | 0x74ec9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sspicli.dll | 0x74ed0000 | 0x74eedfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcrt.dll | 0x74ef0000 | 0x74fadfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| advapi32.dll | 0x74fb0000 | 0x7502afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| oleaut32.dll | 0x75030000 | 0x750c1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| powrprof.dll | 0x75280000 | 0x752c3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| KernelBase.dll | 0x752e0000 | 0x75455fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| imm32.dll | 0x75460000 | 0x7548afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| combase.dll | 0x75490000 | 0x75649fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel32.dll | 0x75650000 | 0x7573ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| gdi32.dll | 0x75790000 | 0x758dcfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SHCore.dll | 0x75aa0000 | 0x75b2cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| crypt32.dll | 0x75bf0000 | 0x75d64fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| profapi.dll | 0x75d70000 | 0x75d7efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msasn1.dll | 0x75d80000 | 0x75d8dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msctf.dll | 0x75d90000 | 0x75eaffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sechost.dll | 0x75eb0000 | 0x75ef2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| user32.dll | 0x75f10000 | 0x7604ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel.appcore.dll | 0x76290000 | 0x7629bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shlwapi.dll | 0x762a0000 | 0x762e3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| windows.storage.dll | 0x76380000 | 0x7685cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rpcrt4.dll | 0x76860000 | 0x7690bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shell32.dll | 0x76910000 | 0x77ccefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ole32.dll | 0x77cd0000 | 0x77db9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x77dc0000 | 0x77f38fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffb1ddcffff | Private Memory | Readable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x00007ffb1df92000 | 0x7ffb1df92000 | 0x7ffffffeffff | Private Memory | Readable | | | | |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x12c0 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1328, os_pid = 0x1324, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x1324, proc_address = 0xe20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 19 | | 1 | |
| MEM | ALLOC | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0xe60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0xea0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0xee0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0xf20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0xf60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0xfa0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0xfe0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x1020000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x1060000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x10a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x10e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x1120000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x1160000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x11a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x11e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x11f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x1220000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x1260000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x1280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x12a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x12a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x12b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 25 | | 1 | |
| MEM | ALLOC | address = 0x12c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x12d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x12e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x12e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x12f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x1300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x1320000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x1360000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x1380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x13a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x13a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x13b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x13c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x13d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x13e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x13e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x13f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x1400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x1420000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x1460000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x14a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x14a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x14b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 14 | | 1 | |
| MEM | ALLOC | address = 0x14c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x14d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x14e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x14e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x14f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x1520000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x1560000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x15a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x15a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x15a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x15b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x15b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x15c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x15c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x15d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x15d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x15e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x15e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x15e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x15f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x15f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x1620000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x1660000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 8, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 8 | | 1 | |
| MEM | ALLOC | address = 0x1680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x16a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x16a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x16a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x16b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x16b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x16c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x16c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x16d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x16d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x16e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x16e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x16e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x16f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x16f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x1700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x1720000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 11, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 11 | | 1 | |
| MEM | ALLOC | address = 0x1740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x1760000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 17, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 17 | | 1 | |
| MEM | ALLOC | address = 0x1780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x17a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x17a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x17a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x17b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x17b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x17c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x17c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x17d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x17d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x17e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x17e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1324, proc_address = 0x17e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1324, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #28 / 0x12c8 |
| OS Parent PID | 0x1268 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:01:40, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:55 |
| OS Thread IDs | #454 0x12CC |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000cf0000 | 0x00cf0000 | 0x00cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d00000 | 0x00d00000 | 0x00d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d10000 | 0x00d10000 | 0x00d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d20000 | 0x00d20000 | 0x00d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d30000 | 0x00d30000 | 0x00d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d40000 | 0x00d40000 | 0x00d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d50000 | 0x00d50000 | 0x00d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d60000 | 0x00d60000 | 0x00d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d70000 | 0x00d70000 | 0x00d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d80000 | 0x00d80000 | 0x00d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d90000 | 0x00d90000 | 0x00d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000da0000 | 0x00da0000 | 0x00da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000db0000 | 0x00db0000 | 0x00db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dc0000 | 0x00dc0000 | 0x00dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dd0000 | 0x00dd0000 | 0x00dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000de0000 | 0x00de0000 | 0x00de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000df0000 | 0x00df0000 | 0x00df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e00000 | 0x00e00000 | 0x00e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e10000 | 0x00e10000 | 0x00e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e20000 | 0x00e20000 | 0x00e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e30000 | 0x00e30000 | 0x00e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e40000 | 0x00e40000 | 0x00e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e50000 | 0x00e50000 | 0x00e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e60000 | 0x00e60000 | 0x00e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e70000 | 0x00e70000 | 0x00e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e80000 | 0x00e80000 | 0x00e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e90000 | 0x00e90000 | 0x00e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ea0000 | 0x00ea0000 | 0x00ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000eb0000 | 0x00eb0000 | 0x00eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ec0000 | 0x00ec0000 | 0x00ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ed0000 | 0x00ed0000 | 0x00ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ee0000 | 0x00ee0000 | 0x00ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ef0000 | 0x00ef0000 | 0x00ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f00000 | 0x00f00000 | 0x00f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f10000 | 0x00f10000 | 0x00f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f20000 | 0x00f20000 | 0x00f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f30000 | 0x00f30000 | 0x00f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f40000 | 0x00f40000 | 0x00f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f50000 | 0x00f50000 | 0x00f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f60000 | 0x00f60000 | 0x00f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f70000 | 0x00f70000 | 0x00f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f80000 | 0x00f80000 | 0x00f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f90000 | 0x00f90000 | 0x00f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fa0000 | 0x00fa0000 | 0x00fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fb0000 | 0x00fb0000 | 0x00fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fc0000 | 0x00fc0000 | 0x00fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fd0000 | 0x00fd0000 | 0x00fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fe0000 | 0x00fe0000 | 0x00fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ff0000 | 0x00ff0000 | 0x00ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001000000 | 0x01000000 | 0x01000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001010000 | 0x01010000 | 0x01010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001020000 | 0x01020000 | 0x01020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001030000 | 0x01030000 | 0x01030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001040000 | 0x01040000 | 0x01040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001050000 | 0x01050000 | 0x01050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001060000 | 0x01060000 | 0x01060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001070000 | 0x01070000 | 0x01070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001080000 | 0x01080000 | 0x01080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001090000 | 0x01090000 | 0x01090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010a0000 | 0x010a0000 | 0x010a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010b0000 | 0x010b0000 | 0x010b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010c0000 | 0x010c0000 | 0x010c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010d0000 | 0x010d0000 | 0x010d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010e0000 | 0x010e0000 | 0x010e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010f0000 | 0x010f0000 | 0x010f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001100000 | 0x01100000 | 0x01100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001110000 | 0x01110000 | 0x01110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001120000 | 0x01120000 | 0x01120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001130000 | 0x01130000 | 0x01130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001140000 | 0x01140000 | 0x01140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001150000 | 0x01150000 | 0x01150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001160000 | 0x01160000 | 0x01160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001170000 | 0x01170000 | 0x01170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001180000 | 0x01180000 | 0x01180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001190000 | 0x01190000 | 0x01190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011a0000 | 0x011a0000 | 0x011a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011b0000 | 0x011b0000 | 0x011b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011c0000 | 0x011c0000 | 0x011c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011d0000 | 0x011d0000 | 0x011d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011e0000 | 0x011e0000 | 0x011e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011f0000 | 0x011f0000 | 0x011f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001200000 | 0x01200000 | 0x01200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001210000 | 0x01210000 | 0x01210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001220000 | 0x01220000 | 0x01220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001230000 | 0x01230000 | 0x01230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001240000 | 0x01240000 | 0x01240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001250000 | 0x01250000 | 0x01250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001260000 | 0x01260000 | 0x01260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001270000 | 0x01270000 | 0x01270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001280000 | 0x01280000 | 0x01280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001290000 | 0x01290000 | 0x01290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012a0000 | 0x012a0000 | 0x012a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012b0000 | 0x012b0000 | 0x012b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012c0000 | 0x012c0000 | 0x012c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012d0000 | 0x012d0000 | 0x012d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012e0000 | 0x012e0000 | 0x012e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012f0000 | 0x012f0000 | 0x012f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001300000 | 0x01300000 | 0x01300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001310000 | 0x01310000 | 0x01310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001320000 | 0x01320000 | 0x01320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001330000 | 0x01330000 | 0x01330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001340000 | 0x01340000 | 0x01340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001350000 | 0x01350000 | 0x01350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001360000 | 0x01360000 | 0x01360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001370000 | 0x01370000 | 0x01370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001380000 | 0x01380000 | 0x01380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001390000 | 0x01390000 | 0x01390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013a0000 | 0x013a0000 | 0x013a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013b0000 | 0x013b0000 | 0x013b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013c0000 | 0x013c0000 | 0x013c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013d0000 | 0x013d0000 | 0x013d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013e0000 | 0x013e0000 | 0x013e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013f0000 | 0x013f0000 | 0x013f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001400000 | 0x01400000 | 0x01400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001410000 | 0x01410000 | 0x01410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001420000 | 0x01420000 | 0x01420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001430000 | 0x01430000 | 0x01430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001440000 | 0x01440000 | 0x01440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001450000 | 0x01450000 | 0x01450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001460000 | 0x01460000 | 0x01460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001470000 | 0x01470000 | 0x01470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001480000 | 0x01480000 | 0x01480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001490000 | 0x01490000 | 0x01490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014a0000 | 0x014a0000 | 0x014a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014b0000 | 0x014b0000 | 0x014b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014c0000 | 0x014c0000 | 0x014c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014d0000 | 0x014d0000 | 0x014d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014e0000 | 0x014e0000 | 0x014e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014f0000 | 0x014f0000 | 0x014f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001500000 | 0x01500000 | 0x01500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001510000 | 0x01510000 | 0x01510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001520000 | 0x01520000 | 0x01520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001530000 | 0x01530000 | 0x01530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001540000 | 0x01540000 | 0x01540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001550000 | 0x01550000 | 0x01550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001560000 | 0x01560000 | 0x01560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001570000 | 0x01570000 | 0x01570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001580000 | 0x01580000 | 0x01580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001590000 | 0x01590000 | 0x01590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015a0000 | 0x015a0000 | 0x015a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015b0000 | 0x015b0000 | 0x015b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015c0000 | 0x015c0000 | 0x015c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015d0000 | 0x015d0000 | 0x015d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015e0000 | 0x015e0000 | 0x015e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015f0000 | 0x015f0000 | 0x015f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001600000 | 0x01600000 | 0x01600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001610000 | 0x01610000 | 0x01610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001620000 | 0x01620000 | 0x01620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001630000 | 0x01630000 | 0x01630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001640000 | 0x01640000 | 0x01640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001650000 | 0x01650000 | 0x01650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001660000 | 0x01660000 | 0x01660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001670000 | 0x01670000 | 0x01670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001680000 | 0x01680000 | 0x01680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001690000 | 0x01690000 | 0x01690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016a0000 | 0x016a0000 | 0x016a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016b0000 | 0x016b0000 | 0x016b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016c0000 | 0x016c0000 | 0x016c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016d0000 | 0x016d0000 | 0x016d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016e0000 | 0x016e0000 | 0x016e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016f0000 | 0x016f0000 | 0x016f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001700000 | 0x01700000 | 0x01700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001710000 | 0x01710000 | 0x01710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001720000 | 0x01720000 | 0x01720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001730000 | 0x01730000 | 0x01730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001740000 | 0x01740000 | 0x01740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001750000 | 0x01750000 | 0x01750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001760000 | 0x01760000 | 0x01760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001770000 | 0x01770000 | 0x01770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001780000 | 0x01780000 | 0x01780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f75b000 | 0x7f75b000 | 0x7f75bfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000180bcf0000 | 0x180bcf0000 | 0x180bd0ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000180bd10000 | 0x180bd10000 | 0x180bd23fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000180bd30000 | 0x180bd30000 | 0x180be2ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000180be30000 | 0x180be30000 | 0x180be33fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000180be40000 | 0x180be40000 | 0x180be40fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000180be50000 | 0x180be50000 | 0x180be51fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff050000 | 0x7df5ff050000 | 0x7ff5ff04ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fcd80000 | 0x7ff7fcd80000 | 0x7ff7fcda2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fcda6000 | 0x7ff7fcda6000 | 0x7ff7fcda6fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fcdae000 | 0x7ff7fcdae000 | 0x7ff7fcdaffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xcf0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xd00000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xd10000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xd20000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xd30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xd40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xd50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xd60000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xd70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xd80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xd90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xda0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xdb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xdc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xdd0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xde0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xdf0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xe00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xe10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xe20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xe30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xe40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xe50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xe60000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xe70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xe80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xe90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xea0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xeb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xec0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xed0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xee0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xef0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xf00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xf10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xf20000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xf30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xf40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xf50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xf60000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xf70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xf80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xf90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xfb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xfc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xfd0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xfe0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0xff0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1000000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1010000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1020000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1030000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1040000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1050000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1060000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1070000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1080000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1090000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x10a0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x10b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x10c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x10d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x10e0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x10f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1100000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1110000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1120000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1130000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1140000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1150000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1160000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1170000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1180000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1190000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x11a0000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x11b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x11c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x11d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x11e0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x11f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1200000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1210000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1220000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1230000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1240000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1250000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1260000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1270000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1280000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1290000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x12a0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x12b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x12c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x12d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x12e0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x12f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1300000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1310000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1320000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1330000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1340000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1350000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1360000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1370000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1380000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1390000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x13a0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x13b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x13c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x13d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x13e0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x13f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1400000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1410000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1420000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1430000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1440000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1450000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1460000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1470000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1480000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1490000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x14a0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x14b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x14c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x14d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x14e0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x14f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1500000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1510000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1520000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1530000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1540000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1550000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1560000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1570000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1580000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1590000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x15a0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x15b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x15c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x15e0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x15f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1600000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1610000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1620000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1630000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1640000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1650000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1660000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1670000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1680000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1690000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x16a0000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x16b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x16c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x16d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x16e0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x16f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1700000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1710000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1720000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1730000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1740000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1750000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1760000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | address = 0x1780000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x126c | No corresponding api call detected. Probably injected code via shellcode. | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #29 / 0x12d4 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:01:41, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:54 |
| OS Thread IDs | #456 0x12D8 #457 0x12DC |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Private Memory | Readable, Writable | | | | |
| locale.nls | 0x001c0000 | 0x0027dfff | Memory Mapped File | Readable | | | | |
| private_0x0000000000280000 | 0x00280000 | 0x002bffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000002c0000 | 0x002c0000 | 0x002c0fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000320000 | 0x00320000 | 0x0032ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000370000 | 0x00370000 | 0x0037ffff | Private Memory | Readable, Writable | | | | |
| svhost.exe | 0x00400000 | 0x0057afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x0000000000580000 | 0x00580000 | 0x0067ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000006a0000 | 0x006a0000 | 0x0079ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000007a0000 | 0x007a0000 | 0x00927fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000930000 | 0x00930000 | 0x00ab0fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000ac0000 | 0x00ac0000 | 0x01ebffff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000001ec0000 | 0x01ec0000 | 0x01fbffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000002060000 | 0x02060000 | 0x0215ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | - | | | | |
| wow64.dll | 0x53cc0000 | 0x53d0efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64cpu.dll | 0x53d10000 | 0x53d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64win.dll | 0x53d20000 | 0x53d92fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntmarta.dll | 0x74ca0000 | 0x74cc7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasman.dll | 0x74cd0000 | 0x74cf2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasapi32.dll | 0x74d00000 | 0x74da3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pstorec.dll | 0x74db0000 | 0x74db7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| apphelp.dll | 0x74dc0000 | 0x74e50fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bcryptprimitives.dll | 0x74e60000 | 0x74eb8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cryptbase.dll | 0x74ec0000 | 0x74ec9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sspicli.dll | 0x74ed0000 | 0x74eedfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcrt.dll | 0x74ef0000 | 0x74fadfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| advapi32.dll | 0x74fb0000 | 0x7502afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| oleaut32.dll | 0x75030000 | 0x750c1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| powrprof.dll | 0x75280000 | 0x752c3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| KernelBase.dll | 0x752e0000 | 0x75455fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| imm32.dll | 0x75460000 | 0x7548afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| combase.dll | 0x75490000 | 0x75649fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel32.dll | 0x75650000 | 0x7573ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| gdi32.dll | 0x75790000 | 0x758dcfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SHCore.dll | 0x75aa0000 | 0x75b2cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| crypt32.dll | 0x75bf0000 | 0x75d64fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| profapi.dll | 0x75d70000 | 0x75d7efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msasn1.dll | 0x75d80000 | 0x75d8dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msctf.dll | 0x75d90000 | 0x75eaffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sechost.dll | 0x75eb0000 | 0x75ef2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| user32.dll | 0x75f10000 | 0x7604ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel.appcore.dll | 0x76290000 | 0x7629bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shlwapi.dll | 0x762a0000 | 0x762e3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| windows.storage.dll | 0x76380000 | 0x7685cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rpcrt4.dll | 0x76860000 | 0x7690bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shell32.dll | 0x76910000 | 0x77ccefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ole32.dll | 0x77cd0000 | 0x77db9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x77dc0000 | 0x77f38fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffb1ddcffff | Private Memory | Readable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x00007ffb1df92000 | 0x7ffb1df92000 | 0x7ffffffeffff | Private Memory | Readable | | | | |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x12d4 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1350, os_pid = 0x134c, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x134c, proc_address = 0x840000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0x880000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0x8c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0x900000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0x940000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0x980000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0x9c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0xa00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0xa40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0xa80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0xac0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0xb00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0xb40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0xb80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0xbc0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0xc00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0xc40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0xc80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0xcc0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 25 | | 1 | |
| MEM | ALLOC | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0xd00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0xd40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0xd80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0xdc0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0xe00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0xe40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0xe80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0xec0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 14 | | 1 | |
| MEM | ALLOC | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0xf00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0xf40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0xf80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0xfc0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0x1000000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0x1040000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0x1080000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 8, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 8 | | 1 | |
| MEM | ALLOC | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0x10c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x134c, proc_address = 0x1100000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x134c, size = 20 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #30 / 0x12e0 |
| OS Parent PID | 0x127c (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:01:42, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:53 |
| OS Thread IDs | #458 0x12E4 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000610000 | 0x00610000 | 0x00610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000620000 | 0x00620000 | 0x00620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000630000 | 0x00630000 | 0x00630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000640000 | 0x00640000 | 0x00640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000650000 | 0x00650000 | 0x00650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000660000 | 0x00660000 | 0x00660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000670000 | 0x00670000 | 0x00670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000680000 | 0x00680000 | 0x00680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000690000 | 0x00690000 | 0x00690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006a0000 | 0x006a0000 | 0x006a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006b0000 | 0x006b0000 | 0x006b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006c0000 | 0x006c0000 | 0x006c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006d0000 | 0x006d0000 | 0x006d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006e0000 | 0x006e0000 | 0x006e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006f0000 | 0x006f0000 | 0x006f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000700000 | 0x00700000 | 0x00700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000710000 | 0x00710000 | 0x00710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000720000 | 0x00720000 | 0x00720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000730000 | 0x00730000 | 0x00730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000740000 | 0x00740000 | 0x00740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000750000 | 0x00750000 | 0x00750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000760000 | 0x00760000 | 0x00760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000770000 | 0x00770000 | 0x00770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000780000 | 0x00780000 | 0x00780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000790000 | 0x00790000 | 0x00790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007a0000 | 0x007a0000 | 0x007a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007b0000 | 0x007b0000 | 0x007b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007c0000 | 0x007c0000 | 0x007c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007d0000 | 0x007d0000 | 0x007d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007e0000 | 0x007e0000 | 0x007e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007f0000 | 0x007f0000 | 0x007f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000800000 | 0x00800000 | 0x00800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000810000 | 0x00810000 | 0x00810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000820000 | 0x00820000 | 0x00820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000830000 | 0x00830000 | 0x00830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000840000 | 0x00840000 | 0x00840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000850000 | 0x00850000 | 0x00850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000860000 | 0x00860000 | 0x00860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000870000 | 0x00870000 | 0x00870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000880000 | 0x00880000 | 0x00880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000890000 | 0x00890000 | 0x00890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008a0000 | 0x008a0000 | 0x008a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008b0000 | 0x008b0000 | 0x008b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008c0000 | 0x008c0000 | 0x008c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008d0000 | 0x008d0000 | 0x008d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008e0000 | 0x008e0000 | 0x008e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008f0000 | 0x008f0000 | 0x008f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000900000 | 0x00900000 | 0x00900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000910000 | 0x00910000 | 0x00910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000920000 | 0x00920000 | 0x00920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000930000 | 0x00930000 | 0x00930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000940000 | 0x00940000 | 0x00940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000950000 | 0x00950000 | 0x00950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000960000 | 0x00960000 | 0x00960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000970000 | 0x00970000 | 0x00970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000980000 | 0x00980000 | 0x00980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000990000 | 0x00990000 | 0x00990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009a0000 | 0x009a0000 | 0x009a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009b0000 | 0x009b0000 | 0x009b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009c0000 | 0x009c0000 | 0x009c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009d0000 | 0x009d0000 | 0x009d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009e0000 | 0x009e0000 | 0x009e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009f0000 | 0x009f0000 | 0x009f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a00000 | 0x00a00000 | 0x00a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a10000 | 0x00a10000 | 0x00a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a20000 | 0x00a20000 | 0x00a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a30000 | 0x00a30000 | 0x00a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a40000 | 0x00a40000 | 0x00a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a50000 | 0x00a50000 | 0x00a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a60000 | 0x00a60000 | 0x00a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a70000 | 0x00a70000 | 0x00a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a80000 | 0x00a80000 | 0x00a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a90000 | 0x00a90000 | 0x00a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000aa0000 | 0x00aa0000 | 0x00aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ab0000 | 0x00ab0000 | 0x00ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ac0000 | 0x00ac0000 | 0x00ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ad0000 | 0x00ad0000 | 0x00ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ae0000 | 0x00ae0000 | 0x00ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000af0000 | 0x00af0000 | 0x00af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b00000 | 0x00b00000 | 0x00b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b10000 | 0x00b10000 | 0x00b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b20000 | 0x00b20000 | 0x00b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b30000 | 0x00b30000 | 0x00b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b40000 | 0x00b40000 | 0x00b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b50000 | 0x00b50000 | 0x00b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b60000 | 0x00b60000 | 0x00b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b70000 | 0x00b70000 | 0x00b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b80000 | 0x00b80000 | 0x00b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b90000 | 0x00b90000 | 0x00b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ba0000 | 0x00ba0000 | 0x00ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bb0000 | 0x00bb0000 | 0x00bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bc0000 | 0x00bc0000 | 0x00bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bd0000 | 0x00bd0000 | 0x00bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000be0000 | 0x00be0000 | 0x00be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bf0000 | 0x00bf0000 | 0x00bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c00000 | 0x00c00000 | 0x00c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c10000 | 0x00c10000 | 0x00c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c20000 | 0x00c20000 | 0x00c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c30000 | 0x00c30000 | 0x00c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c40000 | 0x00c40000 | 0x00c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c50000 | 0x00c50000 | 0x00c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c60000 | 0x00c60000 | 0x00c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c70000 | 0x00c70000 | 0x00c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c80000 | 0x00c80000 | 0x00c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c90000 | 0x00c90000 | 0x00c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ca0000 | 0x00ca0000 | 0x00ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cb0000 | 0x00cb0000 | 0x00cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cc0000 | 0x00cc0000 | 0x00cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cd0000 | 0x00cd0000 | 0x00cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ce0000 | 0x00ce0000 | 0x00ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cf0000 | 0x00cf0000 | 0x00cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d00000 | 0x00d00000 | 0x00d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d10000 | 0x00d10000 | 0x00d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d20000 | 0x00d20000 | 0x00d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d30000 | 0x00d30000 | 0x00d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d40000 | 0x00d40000 | 0x00d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d50000 | 0x00d50000 | 0x00d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d60000 | 0x00d60000 | 0x00d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d70000 | 0x00d70000 | 0x00d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d80000 | 0x00d80000 | 0x00d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d90000 | 0x00d90000 | 0x00d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000da0000 | 0x00da0000 | 0x00da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000db0000 | 0x00db0000 | 0x00db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dc0000 | 0x00dc0000 | 0x00dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dd0000 | 0x00dd0000 | 0x00dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000de0000 | 0x00de0000 | 0x00de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000df0000 | 0x00df0000 | 0x00df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e00000 | 0x00e00000 | 0x00e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e10000 | 0x00e10000 | 0x00e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e20000 | 0x00e20000 | 0x00e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e30000 | 0x00e30000 | 0x00e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e40000 | 0x00e40000 | 0x00e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e50000 | 0x00e50000 | 0x00e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e60000 | 0x00e60000 | 0x00e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e70000 | 0x00e70000 | 0x00e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e80000 | 0x00e80000 | 0x00e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e90000 | 0x00e90000 | 0x00e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ea0000 | 0x00ea0000 | 0x00ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000eb0000 | 0x00eb0000 | 0x00eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ec0000 | 0x00ec0000 | 0x00ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ed0000 | 0x00ed0000 | 0x00ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ee0000 | 0x00ee0000 | 0x00ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ef0000 | 0x00ef0000 | 0x00ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f00000 | 0x00f00000 | 0x00f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f10000 | 0x00f10000 | 0x00f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f20000 | 0x00f20000 | 0x00f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f30000 | 0x00f30000 | 0x00f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f40000 | 0x00f40000 | 0x00f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f50000 | 0x00f50000 | 0x00f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f60000 | 0x00f60000 | 0x00f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f70000 | 0x00f70000 | 0x00f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f80000 | 0x00f80000 | 0x00f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f90000 | 0x00f90000 | 0x00f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fa0000 | 0x00fa0000 | 0x00fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fb0000 | 0x00fb0000 | 0x00fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fc0000 | 0x00fc0000 | 0x00fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fd0000 | 0x00fd0000 | 0x00fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fe0000 | 0x00fe0000 | 0x00fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ff0000 | 0x00ff0000 | 0x00ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001000000 | 0x01000000 | 0x01000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001010000 | 0x01010000 | 0x01010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001020000 | 0x01020000 | 0x01020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001030000 | 0x01030000 | 0x01030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001040000 | 0x01040000 | 0x01040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f9d5000 | 0x7f9d5000 | 0x7f9d5fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000461d610000 | 0x461d610000 | 0x461d62ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000461d630000 | 0x461d630000 | 0x461d643fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000461d650000 | 0x461d650000 | 0x461d74ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000461d750000 | 0x461d750000 | 0x461d753fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000461d760000 | 0x461d760000 | 0x461d760fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000461d770000 | 0x461d770000 | 0x461d771fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff250000 | 0x7df5ff250000 | 0x7ff5ff24ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fd0f0000 | 0x7ff7fd0f0000 | 0x7ff7fd112fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fd11d000 | 0x7ff7fd11d000 | 0x7ff7fd11efff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fd11f000 | 0x7ff7fd11f000 | 0x7ff7fd11ffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x610000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x620000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x630000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x640000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x650000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x660000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x670000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x680000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x690000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x6a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x6b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x6c0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x6d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x6e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x6f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x700000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x710000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x720000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x730000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x740000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x750000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x760000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x770000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x780000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x790000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x7a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x7b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x7c0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x7d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x7e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x7f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x800000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x810000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x820000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x830000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x840000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x850000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x860000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x870000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x880000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x890000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x8a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x8b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x8c0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x8d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x8e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x8f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x900000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x910000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x920000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x930000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x940000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x950000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x960000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x970000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x980000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x990000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x9a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x9b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x9c0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x9d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x9e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x9f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xa00000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xa10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xa20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xa40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xa50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xa60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xa80000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xa90000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xaa0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xab0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xac0000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xad0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xae0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xaf0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xb10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xb20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xb30000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xb50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xb60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xb70000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xb80000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xb90000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xba0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xbb0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xbc0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xbd0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xbe0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xbf0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xc00000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xc10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xc20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xc30000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xc40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xc50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xc60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xc70000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xc80000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xc90000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xca0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xcb0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xcc0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xcd0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xce0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xcf0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xd00000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xd10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xd20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xd30000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xd40000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xd50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xd60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xd70000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xd80000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xd90000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xda0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xdb0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xdc0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xdd0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xde0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xdf0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xe00000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xe10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xe20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xe30000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xe40000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xe50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xe60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xe70000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xe80000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xea0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xeb0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xec0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xed0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xef0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xf00000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xf10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xf20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xf30000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xf40000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xf50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xf60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xf70000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xf80000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xf90000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xfa0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xfb0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xfc0000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xfd0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xfe0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0xff0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x1000000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x1010000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x1020000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x1030000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1280 | address = 0x1040000, size = 9 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #31 / 0x12e8 |
| OS Parent PID | 0x1298 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:01:43, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:52 |
| OS Thread IDs | #459 0x12EC |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000af0000 | 0x00af0000 | 0x00af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b00000 | 0x00b00000 | 0x00b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b10000 | 0x00b10000 | 0x00b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b20000 | 0x00b20000 | 0x00b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b30000 | 0x00b30000 | 0x00b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b40000 | 0x00b40000 | 0x00b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b50000 | 0x00b50000 | 0x00b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b60000 | 0x00b60000 | 0x00b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b70000 | 0x00b70000 | 0x00b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b80000 | 0x00b80000 | 0x00b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b90000 | 0x00b90000 | 0x00b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ba0000 | 0x00ba0000 | 0x00ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bb0000 | 0x00bb0000 | 0x00bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bc0000 | 0x00bc0000 | 0x00bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bd0000 | 0x00bd0000 | 0x00bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000be0000 | 0x00be0000 | 0x00be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bf0000 | 0x00bf0000 | 0x00bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c00000 | 0x00c00000 | 0x00c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c10000 | 0x00c10000 | 0x00c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c20000 | 0x00c20000 | 0x00c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c30000 | 0x00c30000 | 0x00c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c40000 | 0x00c40000 | 0x00c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c50000 | 0x00c50000 | 0x00c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c60000 | 0x00c60000 | 0x00c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c70000 | 0x00c70000 | 0x00c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c80000 | 0x00c80000 | 0x00c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c90000 | 0x00c90000 | 0x00c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ca0000 | 0x00ca0000 | 0x00ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cb0000 | 0x00cb0000 | 0x00cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cc0000 | 0x00cc0000 | 0x00cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cd0000 | 0x00cd0000 | 0x00cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ce0000 | 0x00ce0000 | 0x00ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cf0000 | 0x00cf0000 | 0x00cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d00000 | 0x00d00000 | 0x00d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d10000 | 0x00d10000 | 0x00d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d20000 | 0x00d20000 | 0x00d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d30000 | 0x00d30000 | 0x00d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d40000 | 0x00d40000 | 0x00d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d50000 | 0x00d50000 | 0x00d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d60000 | 0x00d60000 | 0x00d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d70000 | 0x00d70000 | 0x00d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d80000 | 0x00d80000 | 0x00d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d90000 | 0x00d90000 | 0x00d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000da0000 | 0x00da0000 | 0x00da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000db0000 | 0x00db0000 | 0x00db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dc0000 | 0x00dc0000 | 0x00dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dd0000 | 0x00dd0000 | 0x00dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000de0000 | 0x00de0000 | 0x00de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000df0000 | 0x00df0000 | 0x00df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e00000 | 0x00e00000 | 0x00e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e10000 | 0x00e10000 | 0x00e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e20000 | 0x00e20000 | 0x00e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e30000 | 0x00e30000 | 0x00e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e40000 | 0x00e40000 | 0x00e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e50000 | 0x00e50000 | 0x00e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e60000 | 0x00e60000 | 0x00e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e70000 | 0x00e70000 | 0x00e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e80000 | 0x00e80000 | 0x00e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e90000 | 0x00e90000 | 0x00e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ea0000 | 0x00ea0000 | 0x00ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000eb0000 | 0x00eb0000 | 0x00eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ec0000 | 0x00ec0000 | 0x00ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ed0000 | 0x00ed0000 | 0x00ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ee0000 | 0x00ee0000 | 0x00ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ef0000 | 0x00ef0000 | 0x00ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f00000 | 0x00f00000 | 0x00f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f10000 | 0x00f10000 | 0x00f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f20000 | 0x00f20000 | 0x00f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f30000 | 0x00f30000 | 0x00f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f40000 | 0x00f40000 | 0x00f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f50000 | 0x00f50000 | 0x00f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f60000 | 0x00f60000 | 0x00f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f70000 | 0x00f70000 | 0x00f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f80000 | 0x00f80000 | 0x00f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f90000 | 0x00f90000 | 0x00f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fa0000 | 0x00fa0000 | 0x00fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fb0000 | 0x00fb0000 | 0x00fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fc0000 | 0x00fc0000 | 0x00fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fd0000 | 0x00fd0000 | 0x00fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fe0000 | 0x00fe0000 | 0x00fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ff0000 | 0x00ff0000 | 0x00ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001000000 | 0x01000000 | 0x01000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001010000 | 0x01010000 | 0x01010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001020000 | 0x01020000 | 0x01020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001030000 | 0x01030000 | 0x01030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001040000 | 0x01040000 | 0x01040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001050000 | 0x01050000 | 0x01050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001060000 | 0x01060000 | 0x01060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001070000 | 0x01070000 | 0x01070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001080000 | 0x01080000 | 0x01080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001090000 | 0x01090000 | 0x01090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010a0000 | 0x010a0000 | 0x010a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010b0000 | 0x010b0000 | 0x010b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010c0000 | 0x010c0000 | 0x010c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010d0000 | 0x010d0000 | 0x010d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010e0000 | 0x010e0000 | 0x010e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010f0000 | 0x010f0000 | 0x010f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001100000 | 0x01100000 | 0x01100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001110000 | 0x01110000 | 0x01110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001120000 | 0x01120000 | 0x01120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001130000 | 0x01130000 | 0x01130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001140000 | 0x01140000 | 0x01140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001150000 | 0x01150000 | 0x01150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001160000 | 0x01160000 | 0x01160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001170000 | 0x01170000 | 0x01170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001180000 | 0x01180000 | 0x01180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001190000 | 0x01190000 | 0x01190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011a0000 | 0x011a0000 | 0x011a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011b0000 | 0x011b0000 | 0x011b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011c0000 | 0x011c0000 | 0x011c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011d0000 | 0x011d0000 | 0x011d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011e0000 | 0x011e0000 | 0x011e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011f0000 | 0x011f0000 | 0x011f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001200000 | 0x01200000 | 0x01200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001210000 | 0x01210000 | 0x01210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001220000 | 0x01220000 | 0x01220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001230000 | 0x01230000 | 0x01230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001240000 | 0x01240000 | 0x01240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001250000 | 0x01250000 | 0x01250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001260000 | 0x01260000 | 0x01260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001270000 | 0x01270000 | 0x01270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001280000 | 0x01280000 | 0x01280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001290000 | 0x01290000 | 0x01290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012a0000 | 0x012a0000 | 0x012a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012b0000 | 0x012b0000 | 0x012b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012c0000 | 0x012c0000 | 0x012c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012d0000 | 0x012d0000 | 0x012d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012e0000 | 0x012e0000 | 0x012e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012f0000 | 0x012f0000 | 0x012f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001300000 | 0x01300000 | 0x01300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001310000 | 0x01310000 | 0x01310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001320000 | 0x01320000 | 0x01320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001330000 | 0x01330000 | 0x01330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001340000 | 0x01340000 | 0x01340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001350000 | 0x01350000 | 0x01350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001360000 | 0x01360000 | 0x01360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001370000 | 0x01370000 | 0x01370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001380000 | 0x01380000 | 0x01380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001390000 | 0x01390000 | 0x01390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013a0000 | 0x013a0000 | 0x013a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013b0000 | 0x013b0000 | 0x013b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013c0000 | 0x013c0000 | 0x013c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013d0000 | 0x013d0000 | 0x013d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013e0000 | 0x013e0000 | 0x013e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013f0000 | 0x013f0000 | 0x013f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001400000 | 0x01400000 | 0x01400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001410000 | 0x01410000 | 0x01410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001420000 | 0x01420000 | 0x01420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001430000 | 0x01430000 | 0x01430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001440000 | 0x01440000 | 0x01440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001450000 | 0x01450000 | 0x01450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001460000 | 0x01460000 | 0x01460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001470000 | 0x01470000 | 0x01470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001480000 | 0x01480000 | 0x01480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001490000 | 0x01490000 | 0x01490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014a0000 | 0x014a0000 | 0x014a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f299000 | 0x7f299000 | 0x7f299fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000ee30af0000 | 0xee30af0000 | 0xee30b0ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000ee30b10000 | 0xee30b10000 | 0xee30b23fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000ee30b30000 | 0xee30b30000 | 0xee30c2ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000ee30c30000 | 0xee30c30000 | 0xee30c33fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000ee30c40000 | 0xee30c40000 | 0xee30c40fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000ee30c50000 | 0xee30c50000 | 0xee30c51fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff030000 | 0x7df5ff030000 | 0x7ff5ff02ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fd4d0000 | 0x7ff7fd4d0000 | 0x7ff7fd4f2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fd4f8000 | 0x7ff7fd4f8000 | 0x7ff7fd4f8fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fd4fe000 | 0x7ff7fd4fe000 | 0x7ff7fd4fffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xaf0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xb00000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xb10000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xb20000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xb30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xb40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xb50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xb60000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xb70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xb80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xb90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xba0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xbb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xbc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xbd0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xbe0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xbf0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xc00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xc10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xc20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xc30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xc40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xc50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xc60000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xc70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xc80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xc90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xca0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xcb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xcc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xcd0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xce0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xcf0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xd00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xd10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xd20000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xd30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xd40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xd50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xd60000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xd70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xd80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xd90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xda0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xdb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xdc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xdd0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xde0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xdf0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xe00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xe10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xe20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xe30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xe40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xe50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xe60000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xe70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xe80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xe90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xea0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xeb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xec0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xed0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xee0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xef0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xf00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xf10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xf20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xf30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xf40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xf50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xf60000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xf70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xf80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xf90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xfa0000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xfb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xfc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xfd0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xfe0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0xff0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1000000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1010000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1020000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1030000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1040000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1050000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1060000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1070000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1080000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1090000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x10a0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x10b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x10c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x10d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x10e0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x10f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1100000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1110000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1120000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1130000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1140000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1150000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1160000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1170000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1180000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1190000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x11a0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x11b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x11c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x11d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x11e0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x11f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1200000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1210000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1220000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1230000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1240000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1250000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1260000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1270000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1280000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1290000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x12a0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x12b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x12c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x12d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x12e0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x12f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1300000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1310000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1320000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1330000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1340000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1350000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1360000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1370000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1380000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1390000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x13a0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x13b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x13c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x13d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x13e0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x13f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1400000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1410000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1420000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1430000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1440000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1460000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1470000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1480000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x1490000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x129c | address = 0x14a0000, size = 19 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #32 / 0x1310 |
| OS Parent PID | 0x12b4 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:01:44, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:51 |
| OS Thread IDs | #460 0x1314 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000510000 | 0x00510000 | 0x00510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000520000 | 0x00520000 | 0x00520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000530000 | 0x00530000 | 0x00530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000540000 | 0x00540000 | 0x00540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000550000 | 0x00550000 | 0x00550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000560000 | 0x00560000 | 0x00560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000570000 | 0x00570000 | 0x00570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000580000 | 0x00580000 | 0x00580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000590000 | 0x00590000 | 0x00590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005a0000 | 0x005a0000 | 0x005a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005b0000 | 0x005b0000 | 0x005b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005c0000 | 0x005c0000 | 0x005c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005d0000 | 0x005d0000 | 0x005d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005e0000 | 0x005e0000 | 0x005e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005f0000 | 0x005f0000 | 0x005f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000600000 | 0x00600000 | 0x00600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000610000 | 0x00610000 | 0x00610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000620000 | 0x00620000 | 0x00620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000630000 | 0x00630000 | 0x00630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000640000 | 0x00640000 | 0x00640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000650000 | 0x00650000 | 0x00650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000660000 | 0x00660000 | 0x00660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000670000 | 0x00670000 | 0x00670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000680000 | 0x00680000 | 0x00680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000690000 | 0x00690000 | 0x00690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006a0000 | 0x006a0000 | 0x006a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006b0000 | 0x006b0000 | 0x006b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006c0000 | 0x006c0000 | 0x006c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006d0000 | 0x006d0000 | 0x006d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006e0000 | 0x006e0000 | 0x006e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006f0000 | 0x006f0000 | 0x006f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000700000 | 0x00700000 | 0x00700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000710000 | 0x00710000 | 0x00710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000720000 | 0x00720000 | 0x00720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000730000 | 0x00730000 | 0x00730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000740000 | 0x00740000 | 0x00740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000750000 | 0x00750000 | 0x00750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000760000 | 0x00760000 | 0x00760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000770000 | 0x00770000 | 0x00770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000780000 | 0x00780000 | 0x00780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000790000 | 0x00790000 | 0x00790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007a0000 | 0x007a0000 | 0x007a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007b0000 | 0x007b0000 | 0x007b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007c0000 | 0x007c0000 | 0x007c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007d0000 | 0x007d0000 | 0x007d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007e0000 | 0x007e0000 | 0x007e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007f0000 | 0x007f0000 | 0x007f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000800000 | 0x00800000 | 0x00800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000810000 | 0x00810000 | 0x00810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000820000 | 0x00820000 | 0x00820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000830000 | 0x00830000 | 0x00830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000840000 | 0x00840000 | 0x00840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000850000 | 0x00850000 | 0x00850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000860000 | 0x00860000 | 0x00860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000870000 | 0x00870000 | 0x00870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000880000 | 0x00880000 | 0x00880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000890000 | 0x00890000 | 0x00890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008a0000 | 0x008a0000 | 0x008a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008b0000 | 0x008b0000 | 0x008b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008c0000 | 0x008c0000 | 0x008c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008d0000 | 0x008d0000 | 0x008d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008e0000 | 0x008e0000 | 0x008e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008f0000 | 0x008f0000 | 0x008f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000900000 | 0x00900000 | 0x00900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000910000 | 0x00910000 | 0x00910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000920000 | 0x00920000 | 0x00920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000930000 | 0x00930000 | 0x00930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000940000 | 0x00940000 | 0x00940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000950000 | 0x00950000 | 0x00950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000960000 | 0x00960000 | 0x00960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000970000 | 0x00970000 | 0x00970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000980000 | 0x00980000 | 0x00980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000990000 | 0x00990000 | 0x00990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009a0000 | 0x009a0000 | 0x009a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009b0000 | 0x009b0000 | 0x009b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009c0000 | 0x009c0000 | 0x009c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009d0000 | 0x009d0000 | 0x009d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009e0000 | 0x009e0000 | 0x009e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009f0000 | 0x009f0000 | 0x009f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a00000 | 0x00a00000 | 0x00a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a10000 | 0x00a10000 | 0x00a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a20000 | 0x00a20000 | 0x00a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a30000 | 0x00a30000 | 0x00a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a40000 | 0x00a40000 | 0x00a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a50000 | 0x00a50000 | 0x00a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a60000 | 0x00a60000 | 0x00a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a70000 | 0x00a70000 | 0x00a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a80000 | 0x00a80000 | 0x00a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a90000 | 0x00a90000 | 0x00a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000aa0000 | 0x00aa0000 | 0x00aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ab0000 | 0x00ab0000 | 0x00ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ac0000 | 0x00ac0000 | 0x00ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ad0000 | 0x00ad0000 | 0x00ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ae0000 | 0x00ae0000 | 0x00ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000af0000 | 0x00af0000 | 0x00af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b00000 | 0x00b00000 | 0x00b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b10000 | 0x00b10000 | 0x00b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b20000 | 0x00b20000 | 0x00b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b30000 | 0x00b30000 | 0x00b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b40000 | 0x00b40000 | 0x00b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b50000 | 0x00b50000 | 0x00b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b60000 | 0x00b60000 | 0x00b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b70000 | 0x00b70000 | 0x00b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b80000 | 0x00b80000 | 0x00b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b90000 | 0x00b90000 | 0x00b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ba0000 | 0x00ba0000 | 0x00ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bb0000 | 0x00bb0000 | 0x00bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bc0000 | 0x00bc0000 | 0x00bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bd0000 | 0x00bd0000 | 0x00bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000be0000 | 0x00be0000 | 0x00be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bf0000 | 0x00bf0000 | 0x00bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c00000 | 0x00c00000 | 0x00c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c10000 | 0x00c10000 | 0x00c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c20000 | 0x00c20000 | 0x00c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c30000 | 0x00c30000 | 0x00c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c40000 | 0x00c40000 | 0x00c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c50000 | 0x00c50000 | 0x00c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c60000 | 0x00c60000 | 0x00c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c70000 | 0x00c70000 | 0x00c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c80000 | 0x00c80000 | 0x00c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c90000 | 0x00c90000 | 0x00c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ca0000 | 0x00ca0000 | 0x00ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cb0000 | 0x00cb0000 | 0x00cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cc0000 | 0x00cc0000 | 0x00cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cd0000 | 0x00cd0000 | 0x00cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ce0000 | 0x00ce0000 | 0x00ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cf0000 | 0x00cf0000 | 0x00cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d00000 | 0x00d00000 | 0x00d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d10000 | 0x00d10000 | 0x00d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d20000 | 0x00d20000 | 0x00d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d30000 | 0x00d30000 | 0x00d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d40000 | 0x00d40000 | 0x00d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d50000 | 0x00d50000 | 0x00d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d60000 | 0x00d60000 | 0x00d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d70000 | 0x00d70000 | 0x00d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d80000 | 0x00d80000 | 0x00d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d90000 | 0x00d90000 | 0x00d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000da0000 | 0x00da0000 | 0x00da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000db0000 | 0x00db0000 | 0x00db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dc0000 | 0x00dc0000 | 0x00dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dd0000 | 0x00dd0000 | 0x00dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000de0000 | 0x00de0000 | 0x00de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000df0000 | 0x00df0000 | 0x00df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e00000 | 0x00e00000 | 0x00e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e10000 | 0x00e10000 | 0x00e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e20000 | 0x00e20000 | 0x00e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e30000 | 0x00e30000 | 0x00e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e40000 | 0x00e40000 | 0x00e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e50000 | 0x00e50000 | 0x00e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e60000 | 0x00e60000 | 0x00e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e70000 | 0x00e70000 | 0x00e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e80000 | 0x00e80000 | 0x00e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e90000 | 0x00e90000 | 0x00e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ea0000 | 0x00ea0000 | 0x00ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000eb0000 | 0x00eb0000 | 0x00eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ec0000 | 0x00ec0000 | 0x00ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ed0000 | 0x00ed0000 | 0x00ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ee0000 | 0x00ee0000 | 0x00ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ef0000 | 0x00ef0000 | 0x00ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f00000 | 0x00f00000 | 0x00f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f10000 | 0x00f10000 | 0x00f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f20000 | 0x00f20000 | 0x00f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f30000 | 0x00f30000 | 0x00f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f40000 | 0x00f40000 | 0x00f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f50000 | 0x00f50000 | 0x00f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007fc66000 | 0x7fc66000 | 0x7fc66fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000cd8d510000 | 0xcd8d510000 | 0xcd8d52ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000cd8d530000 | 0xcd8d530000 | 0xcd8d543fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000cd8d550000 | 0xcd8d550000 | 0xcd8d64ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000cd8d650000 | 0xcd8d650000 | 0xcd8d653fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000cd8d660000 | 0xcd8d660000 | 0xcd8d660fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000cd8d670000 | 0xcd8d670000 | 0xcd8d671fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff5f0000 | 0x7df5ff5f0000 | 0x7ff5ff5effff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fd470000 | 0x7ff7fd470000 | 0x7ff7fd492fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fd498000 | 0x7ff7fd498000 | 0x7ff7fd498fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fd49e000 | 0x7ff7fd49e000 | 0x7ff7fd49ffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x510000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x520000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x530000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x540000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x550000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x560000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x570000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x580000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x590000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x5a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x5b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x5c0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x5d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x5e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x5f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x600000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x610000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x620000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x630000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x640000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x650000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x660000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x670000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x680000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x690000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x6a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x6b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x6c0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x6d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x6e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x6f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x700000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x710000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x720000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x740000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x750000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x760000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x780000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x790000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x7a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x7b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x7c0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x7d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x7e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x7f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x800000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x810000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x820000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x830000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x840000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x850000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x860000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x870000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x880000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x890000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x8a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x8b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x8c0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x8d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x8e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x900000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x910000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x930000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x950000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x960000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x990000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x9a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x9b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x9d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x9e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0x9f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xa00000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xa10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xa20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xa30000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xa40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xa50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xa60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xa70000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xa80000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xa90000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xaa0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xab0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xac0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xad0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xae0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xaf0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xb00000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xb10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xb20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xb30000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xb40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xb50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xb60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xb70000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xb80000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xb90000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xba0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xbb0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xbc0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xbd0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xbe0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xbf0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xc00000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xc10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xc20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xc30000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xc40000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xc50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xc60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xc70000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xc80000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xc90000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xcb0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xcc0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xcd0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xce0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xd00000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xd10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xd20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xd30000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xd40000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xd50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xd60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xd70000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xd80000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xd90000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xda0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xdb0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xdc0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xdd0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xde0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xdf0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xe00000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xe10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xe20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xe30000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xe40000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xe50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xe60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xe70000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xe80000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xe90000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xea0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xeb0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xec0000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xed0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xee0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xef0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xf00000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xf10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xf20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xf30000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xf40000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12b8 | address = 0xf50000, size = 13 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #33 / 0x1318 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:01:44, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:51 |
| OS Thread IDs | #461 0x131C #462 0x1320 |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Private Memory | Readable, Writable | | | | |
| locale.nls | 0x001c0000 | 0x0027dfff | Memory Mapped File | Readable | | | | |
| private_0x0000000000280000 | 0x00280000 | 0x002bffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000002c0000 | 0x002c0000 | 0x002c0fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000310000 | 0x00310000 | 0x0031ffff | Private Memory | Readable, Writable | | | | |
| svhost.exe | 0x00400000 | 0x0057afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x0000000000610000 | 0x00610000 | 0x0070ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000710000 | 0x00710000 | 0x0080ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000810000 | 0x00810000 | 0x00997fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000009f0000 | 0x009f0000 | 0x009fffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000a00000 | 0x00a00000 | 0x00b80fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000b90000 | 0x00b90000 | 0x01f8ffff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000002060000 | 0x02060000 | 0x0215ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000002160000 | 0x02160000 | 0x0225ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | - | | | | |
| wow64.dll | 0x53cc0000 | 0x53d0efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64cpu.dll | 0x53d10000 | 0x53d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64win.dll | 0x53d20000 | 0x53d92fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntmarta.dll | 0x74ca0000 | 0x74cc7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasman.dll | 0x74cd0000 | 0x74cf2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasapi32.dll | 0x74d00000 | 0x74da3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pstorec.dll | 0x74db0000 | 0x74db7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| apphelp.dll | 0x74dc0000 | 0x74e50fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bcryptprimitives.dll | 0x74e60000 | 0x74eb8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cryptbase.dll | 0x74ec0000 | 0x74ec9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sspicli.dll | 0x74ed0000 | 0x74eedfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcrt.dll | 0x74ef0000 | 0x74fadfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| advapi32.dll | 0x74fb0000 | 0x7502afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| oleaut32.dll | 0x75030000 | 0x750c1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| powrprof.dll | 0x75280000 | 0x752c3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| KernelBase.dll | 0x752e0000 | 0x75455fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| imm32.dll | 0x75460000 | 0x7548afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| combase.dll | 0x75490000 | 0x75649fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel32.dll | 0x75650000 | 0x7573ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| gdi32.dll | 0x75790000 | 0x758dcfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SHCore.dll | 0x75aa0000 | 0x75b2cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| crypt32.dll | 0x75bf0000 | 0x75d64fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| profapi.dll | 0x75d70000 | 0x75d7efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msasn1.dll | 0x75d80000 | 0x75d8dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msctf.dll | 0x75d90000 | 0x75eaffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sechost.dll | 0x75eb0000 | 0x75ef2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| user32.dll | 0x75f10000 | 0x7604ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel.appcore.dll | 0x76290000 | 0x7629bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shlwapi.dll | 0x762a0000 | 0x762e3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| windows.storage.dll | 0x76380000 | 0x7685cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rpcrt4.dll | 0x76860000 | 0x7690bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shell32.dll | 0x76910000 | 0x77ccefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ole32.dll | 0x77cd0000 | 0x77db9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x77dc0000 | 0x77f38fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffb1ddcffff | Private Memory | Readable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x00007ffb1df92000 | 0x7ffb1df92000 | 0x7ffffffeffff | Private Memory | Readable | | | | |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x1318 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1370, os_pid = 0x136c, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x136c, proc_address = 0xd40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 19 | | 1 | |
| MEM | ALLOC | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0xd80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0xdc0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0xe00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0xe40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0xe80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0xec0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0xf00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0xf40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0xf80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0xfc0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0x1000000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0x1040000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0x1080000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0x10c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0x1100000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0x1140000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0x1180000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0x11c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 25 | | 1 | |
| MEM | ALLOC | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x11f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0x1200000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x1220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0x1240000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0x1280000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x12a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x12b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x12c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0x12c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x12d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x12e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x12f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0x1300000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x1320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0x1340000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0x1380000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x13a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x13b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x13c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0x13c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x13d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 14 | | 1 | |
| MEM | ALLOC | address = 0x13e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x13f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0x1400000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0x1440000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0x1480000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x14a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x14b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x14c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0x14c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x14d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x14e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x14f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0x1500000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x136c, proc_address = 0x1540000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x136c, size = 13 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #34 / 0x1324 |
| OS Parent PID | 0x12c0 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:01:44, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:51 |
| OS Thread IDs | #463 0x1328 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000e00000 | 0x00e00000 | 0x00e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e10000 | 0x00e10000 | 0x00e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e20000 | 0x00e20000 | 0x00e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e30000 | 0x00e30000 | 0x00e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e40000 | 0x00e40000 | 0x00e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e50000 | 0x00e50000 | 0x00e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e60000 | 0x00e60000 | 0x00e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e70000 | 0x00e70000 | 0x00e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e80000 | 0x00e80000 | 0x00e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e90000 | 0x00e90000 | 0x00e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ea0000 | 0x00ea0000 | 0x00ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000eb0000 | 0x00eb0000 | 0x00eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ec0000 | 0x00ec0000 | 0x00ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ed0000 | 0x00ed0000 | 0x00ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ee0000 | 0x00ee0000 | 0x00ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ef0000 | 0x00ef0000 | 0x00ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f00000 | 0x00f00000 | 0x00f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f10000 | 0x00f10000 | 0x00f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f20000 | 0x00f20000 | 0x00f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f30000 | 0x00f30000 | 0x00f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f40000 | 0x00f40000 | 0x00f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f50000 | 0x00f50000 | 0x00f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f60000 | 0x00f60000 | 0x00f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f70000 | 0x00f70000 | 0x00f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f80000 | 0x00f80000 | 0x00f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f90000 | 0x00f90000 | 0x00f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fa0000 | 0x00fa0000 | 0x00fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fb0000 | 0x00fb0000 | 0x00fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fc0000 | 0x00fc0000 | 0x00fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fd0000 | 0x00fd0000 | 0x00fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fe0000 | 0x00fe0000 | 0x00fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ff0000 | 0x00ff0000 | 0x00ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001000000 | 0x01000000 | 0x01000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001010000 | 0x01010000 | 0x01010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001020000 | 0x01020000 | 0x01020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001030000 | 0x01030000 | 0x01030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001040000 | 0x01040000 | 0x01040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001050000 | 0x01050000 | 0x01050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001060000 | 0x01060000 | 0x01060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001070000 | 0x01070000 | 0x01070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001080000 | 0x01080000 | 0x01080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001090000 | 0x01090000 | 0x01090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010a0000 | 0x010a0000 | 0x010a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010b0000 | 0x010b0000 | 0x010b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010c0000 | 0x010c0000 | 0x010c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010d0000 | 0x010d0000 | 0x010d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010e0000 | 0x010e0000 | 0x010e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010f0000 | 0x010f0000 | 0x010f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001100000 | 0x01100000 | 0x01100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001110000 | 0x01110000 | 0x01110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001120000 | 0x01120000 | 0x01120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001130000 | 0x01130000 | 0x01130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001140000 | 0x01140000 | 0x01140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001150000 | 0x01150000 | 0x01150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001160000 | 0x01160000 | 0x01160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001170000 | 0x01170000 | 0x01170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001180000 | 0x01180000 | 0x01180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001190000 | 0x01190000 | 0x01190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011a0000 | 0x011a0000 | 0x011a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011b0000 | 0x011b0000 | 0x011b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011c0000 | 0x011c0000 | 0x011c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011d0000 | 0x011d0000 | 0x011d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011e0000 | 0x011e0000 | 0x011e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011f0000 | 0x011f0000 | 0x011f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001200000 | 0x01200000 | 0x01200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001210000 | 0x01210000 | 0x01210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001220000 | 0x01220000 | 0x01220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001230000 | 0x01230000 | 0x01230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001240000 | 0x01240000 | 0x01240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001250000 | 0x01250000 | 0x01250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001260000 | 0x01260000 | 0x01260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001270000 | 0x01270000 | 0x01270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001280000 | 0x01280000 | 0x01280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001290000 | 0x01290000 | 0x01290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012a0000 | 0x012a0000 | 0x012a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012b0000 | 0x012b0000 | 0x012b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012c0000 | 0x012c0000 | 0x012c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012d0000 | 0x012d0000 | 0x012d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012e0000 | 0x012e0000 | 0x012e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012f0000 | 0x012f0000 | 0x012f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001300000 | 0x01300000 | 0x01300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001310000 | 0x01310000 | 0x01310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001320000 | 0x01320000 | 0x01320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001330000 | 0x01330000 | 0x01330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001340000 | 0x01340000 | 0x01340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001350000 | 0x01350000 | 0x01350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001360000 | 0x01360000 | 0x01360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001370000 | 0x01370000 | 0x01370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001380000 | 0x01380000 | 0x01380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001390000 | 0x01390000 | 0x01390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013a0000 | 0x013a0000 | 0x013a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013b0000 | 0x013b0000 | 0x013b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013c0000 | 0x013c0000 | 0x013c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013d0000 | 0x013d0000 | 0x013d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013e0000 | 0x013e0000 | 0x013e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013f0000 | 0x013f0000 | 0x013f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001400000 | 0x01400000 | 0x01400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001410000 | 0x01410000 | 0x01410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001420000 | 0x01420000 | 0x01420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001430000 | 0x01430000 | 0x01430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001440000 | 0x01440000 | 0x01440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001450000 | 0x01450000 | 0x01450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001460000 | 0x01460000 | 0x01460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001470000 | 0x01470000 | 0x01470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001480000 | 0x01480000 | 0x01480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001490000 | 0x01490000 | 0x01490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014a0000 | 0x014a0000 | 0x014a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014b0000 | 0x014b0000 | 0x014b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014c0000 | 0x014c0000 | 0x014c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014d0000 | 0x014d0000 | 0x014d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014e0000 | 0x014e0000 | 0x014e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014f0000 | 0x014f0000 | 0x014f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001500000 | 0x01500000 | 0x01500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001510000 | 0x01510000 | 0x01510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001520000 | 0x01520000 | 0x01520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001530000 | 0x01530000 | 0x01530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001540000 | 0x01540000 | 0x01540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001550000 | 0x01550000 | 0x01550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001560000 | 0x01560000 | 0x01560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001570000 | 0x01570000 | 0x01570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001580000 | 0x01580000 | 0x01580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001590000 | 0x01590000 | 0x01590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015a0000 | 0x015a0000 | 0x015a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015b0000 | 0x015b0000 | 0x015b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015c0000 | 0x015c0000 | 0x015c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015d0000 | 0x015d0000 | 0x015d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015e0000 | 0x015e0000 | 0x015e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015f0000 | 0x015f0000 | 0x015f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001600000 | 0x01600000 | 0x01600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001610000 | 0x01610000 | 0x01610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001620000 | 0x01620000 | 0x01620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001630000 | 0x01630000 | 0x01630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001640000 | 0x01640000 | 0x01640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001650000 | 0x01650000 | 0x01650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001660000 | 0x01660000 | 0x01660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001670000 | 0x01670000 | 0x01670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001680000 | 0x01680000 | 0x01680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001690000 | 0x01690000 | 0x01690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016a0000 | 0x016a0000 | 0x016a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016b0000 | 0x016b0000 | 0x016b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016c0000 | 0x016c0000 | 0x016c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016d0000 | 0x016d0000 | 0x016d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016e0000 | 0x016e0000 | 0x016e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000016f0000 | 0x016f0000 | 0x016f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001700000 | 0x01700000 | 0x01700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001710000 | 0x01710000 | 0x01710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001720000 | 0x01720000 | 0x01720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001730000 | 0x01730000 | 0x01730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001740000 | 0x01740000 | 0x01740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001750000 | 0x01750000 | 0x01750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001760000 | 0x01760000 | 0x01760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001770000 | 0x01770000 | 0x01770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001780000 | 0x01780000 | 0x01780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001790000 | 0x01790000 | 0x01790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017a0000 | 0x017a0000 | 0x017a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017b0000 | 0x017b0000 | 0x017b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017c0000 | 0x017c0000 | 0x017c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017d0000 | 0x017d0000 | 0x017d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000017e0000 | 0x017e0000 | 0x017e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f999000 | 0x7f999000 | 0x7f999fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x0000008ec2e00000 | 0x8ec2e00000 | 0x8ec2e1ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000008ec2e20000 | 0x8ec2e20000 | 0x8ec2e33fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000008ec2e40000 | 0x8ec2e40000 | 0x8ec2f3ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000008ec2f40000 | 0x8ec2f40000 | 0x8ec2f43fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000008ec2f50000 | 0x8ec2f50000 | 0x8ec2f50fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000008ec2f60000 | 0x8ec2f60000 | 0x8ec2f61fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff740000 | 0x7df5ff740000 | 0x7ff5ff73ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fc6e0000 | 0x7ff7fc6e0000 | 0x7ff7fc702fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fc70d000 | 0x7ff7fc70d000 | 0x7ff7fc70efff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fc70f000 | 0x7ff7fc70f000 | 0x7ff7fc70ffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xe00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xe10000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xe20000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xe30000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xe40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xe50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xe60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xe70000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xe80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xe90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xea0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xeb0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xec0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xed0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xee0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xef0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xf00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xf10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xf20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xf30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xf40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xf50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xf60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xf70000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xf80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xf90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xfa0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xfb0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xfc0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xfd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xfe0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0xff0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1000000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1010000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1020000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1030000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1040000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1050000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1060000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1070000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1080000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1090000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x10a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x10b0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x10c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x10d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x10e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x10f0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1100000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1110000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1120000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1130000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1140000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1150000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1160000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1170000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1180000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1190000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x11a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x11b0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x11c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x11d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x11e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x11f0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1200000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1210000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1220000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1230000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1240000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1250000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1260000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1270000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1280000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x12a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x12b0000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x12c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x12e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x12f0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1300000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1330000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1340000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1360000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1370000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1380000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1390000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x13a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x13b0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x13c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x13d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x13e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x13f0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1400000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1410000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1420000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1430000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1440000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1450000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1460000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1470000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1480000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1490000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x14a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x14b0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x14c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x14d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x14e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x14f0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1500000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1510000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1520000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1530000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1540000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1550000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1560000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1570000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1580000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1590000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x15a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x15c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x15d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x15e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x15f0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1600000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1610000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1620000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1630000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1640000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1650000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1670000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1680000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1690000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x16a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x16b0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x16c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x16d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x16e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x16f0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1700000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1710000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1720000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1730000, size = 11 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1740000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1750000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1760000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1770000, size = 17 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1780000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x1790000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x17a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x17b0000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x17c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x17d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12c4 | address = 0x17e0000, size = 142 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #35 / 0x1330 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:01:45, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:50 |
| OS Thread IDs | #465 0x1334 #466 0x133C |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Private Memory | Readable, Writable | | | | |
| locale.nls | 0x001c0000 | 0x0027dfff | Memory Mapped File | Readable | | | | |
| private_0x0000000000280000 | 0x00280000 | 0x002bffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000002c0000 | 0x002c0000 | 0x002c0fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000310000 | 0x00310000 | 0x0031ffff | Private Memory | Readable, Writable | | | | |
| svhost.exe | 0x00400000 | 0x0057afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x0000000000650000 | 0x00650000 | 0x0074ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000750000 | 0x00750000 | 0x0084ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000930000 | 0x00930000 | 0x0093ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000940000 | 0x00940000 | 0x00ac7fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000ad0000 | 0x00ad0000 | 0x00c50fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000c60000 | 0x00c60000 | 0x0205ffff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000002060000 | 0x02060000 | 0x0215ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000002160000 | 0x02160000 | 0x0225ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | - | | | | |
| wow64.dll | 0x53cc0000 | 0x53d0efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64cpu.dll | 0x53d10000 | 0x53d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64win.dll | 0x53d20000 | 0x53d92fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntmarta.dll | 0x74ca0000 | 0x74cc7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasman.dll | 0x74cd0000 | 0x74cf2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasapi32.dll | 0x74d00000 | 0x74da3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pstorec.dll | 0x74db0000 | 0x74db7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| apphelp.dll | 0x74dc0000 | 0x74e50fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bcryptprimitives.dll | 0x74e60000 | 0x74eb8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cryptbase.dll | 0x74ec0000 | 0x74ec9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sspicli.dll | 0x74ed0000 | 0x74eedfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcrt.dll | 0x74ef0000 | 0x74fadfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| advapi32.dll | 0x74fb0000 | 0x7502afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| oleaut32.dll | 0x75030000 | 0x750c1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| powrprof.dll | 0x75280000 | 0x752c3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| KernelBase.dll | 0x752e0000 | 0x75455fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| imm32.dll | 0x75460000 | 0x7548afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| combase.dll | 0x75490000 | 0x75649fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel32.dll | 0x75650000 | 0x7573ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| gdi32.dll | 0x75790000 | 0x758dcfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SHCore.dll | 0x75aa0000 | 0x75b2cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| crypt32.dll | 0x75bf0000 | 0x75d64fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| profapi.dll | 0x75d70000 | 0x75d7efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msasn1.dll | 0x75d80000 | 0x75d8dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msctf.dll | 0x75d90000 | 0x75eaffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sechost.dll | 0x75eb0000 | 0x75ef2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| user32.dll | 0x75f10000 | 0x7604ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel.appcore.dll | 0x76290000 | 0x7629bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shlwapi.dll | 0x762a0000 | 0x762e3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| windows.storage.dll | 0x76380000 | 0x7685cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rpcrt4.dll | 0x76860000 | 0x7690bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shell32.dll | 0x76910000 | 0x77ccefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ole32.dll | 0x77cd0000 | 0x77db9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x77dc0000 | 0x77f38fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffb1ddcffff | Private Memory | Readable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x00007ffb1df92000 | 0x7ffb1df92000 | 0x7ffffffeffff | Private Memory | Readable | | | | |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x1330 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1388, os_pid = 0x1384, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x1384, proc_address = 0x920000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0x960000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0x9a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0x9e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0xa20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0xa60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0xaa0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0xae0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0xb20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0xb60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0xba0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0xbe0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0xc20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0xc60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0xca0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0xce0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0xd20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0xd60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0xda0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 25 | | 1 | |
| MEM | ALLOC | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0xde0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0xe20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0xe60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0xea0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0xee0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0xf20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0xf60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0xfa0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 14 | | 1 | |
| MEM | ALLOC | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0xfe0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0x1020000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0x1060000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0x10a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0x10e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1384, proc_address = 0x1120000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1384, size = 12 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #36 / 0x134c |
| OS Parent PID | 0x12d4 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:01:45, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:50 |
| OS Thread IDs | #467 0x1350 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000820000 | 0x00820000 | 0x00820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000830000 | 0x00830000 | 0x00830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000840000 | 0x00840000 | 0x00840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000850000 | 0x00850000 | 0x00850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000860000 | 0x00860000 | 0x00860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000870000 | 0x00870000 | 0x00870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000880000 | 0x00880000 | 0x00880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000890000 | 0x00890000 | 0x00890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008a0000 | 0x008a0000 | 0x008a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008b0000 | 0x008b0000 | 0x008b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008c0000 | 0x008c0000 | 0x008c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008d0000 | 0x008d0000 | 0x008d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008e0000 | 0x008e0000 | 0x008e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008f0000 | 0x008f0000 | 0x008f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000900000 | 0x00900000 | 0x00900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000910000 | 0x00910000 | 0x00910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000920000 | 0x00920000 | 0x00920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000930000 | 0x00930000 | 0x00930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000940000 | 0x00940000 | 0x00940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000950000 | 0x00950000 | 0x00950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000960000 | 0x00960000 | 0x00960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000970000 | 0x00970000 | 0x00970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000980000 | 0x00980000 | 0x00980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000990000 | 0x00990000 | 0x00990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009a0000 | 0x009a0000 | 0x009a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009b0000 | 0x009b0000 | 0x009b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009c0000 | 0x009c0000 | 0x009c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009d0000 | 0x009d0000 | 0x009d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009e0000 | 0x009e0000 | 0x009e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009f0000 | 0x009f0000 | 0x009f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a00000 | 0x00a00000 | 0x00a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a10000 | 0x00a10000 | 0x00a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a20000 | 0x00a20000 | 0x00a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a30000 | 0x00a30000 | 0x00a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a40000 | 0x00a40000 | 0x00a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a50000 | 0x00a50000 | 0x00a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a60000 | 0x00a60000 | 0x00a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a70000 | 0x00a70000 | 0x00a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a80000 | 0x00a80000 | 0x00a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a90000 | 0x00a90000 | 0x00a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000aa0000 | 0x00aa0000 | 0x00aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ab0000 | 0x00ab0000 | 0x00ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ac0000 | 0x00ac0000 | 0x00ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ad0000 | 0x00ad0000 | 0x00ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ae0000 | 0x00ae0000 | 0x00ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000af0000 | 0x00af0000 | 0x00af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b00000 | 0x00b00000 | 0x00b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b10000 | 0x00b10000 | 0x00b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b20000 | 0x00b20000 | 0x00b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b30000 | 0x00b30000 | 0x00b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b40000 | 0x00b40000 | 0x00b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b50000 | 0x00b50000 | 0x00b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b60000 | 0x00b60000 | 0x00b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b70000 | 0x00b70000 | 0x00b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b80000 | 0x00b80000 | 0x00b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b90000 | 0x00b90000 | 0x00b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ba0000 | 0x00ba0000 | 0x00ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bb0000 | 0x00bb0000 | 0x00bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bc0000 | 0x00bc0000 | 0x00bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bd0000 | 0x00bd0000 | 0x00bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000be0000 | 0x00be0000 | 0x00be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bf0000 | 0x00bf0000 | 0x00bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c00000 | 0x00c00000 | 0x00c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c10000 | 0x00c10000 | 0x00c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c20000 | 0x00c20000 | 0x00c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c30000 | 0x00c30000 | 0x00c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c40000 | 0x00c40000 | 0x00c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c50000 | 0x00c50000 | 0x00c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c60000 | 0x00c60000 | 0x00c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c70000 | 0x00c70000 | 0x00c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c80000 | 0x00c80000 | 0x00c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c90000 | 0x00c90000 | 0x00c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ca0000 | 0x00ca0000 | 0x00ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cb0000 | 0x00cb0000 | 0x00cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cc0000 | 0x00cc0000 | 0x00cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cd0000 | 0x00cd0000 | 0x00cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ce0000 | 0x00ce0000 | 0x00ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cf0000 | 0x00cf0000 | 0x00cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d00000 | 0x00d00000 | 0x00d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d10000 | 0x00d10000 | 0x00d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d20000 | 0x00d20000 | 0x00d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d30000 | 0x00d30000 | 0x00d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d40000 | 0x00d40000 | 0x00d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d50000 | 0x00d50000 | 0x00d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d60000 | 0x00d60000 | 0x00d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d70000 | 0x00d70000 | 0x00d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d80000 | 0x00d80000 | 0x00d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d90000 | 0x00d90000 | 0x00d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000da0000 | 0x00da0000 | 0x00da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000db0000 | 0x00db0000 | 0x00db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dc0000 | 0x00dc0000 | 0x00dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dd0000 | 0x00dd0000 | 0x00dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000de0000 | 0x00de0000 | 0x00de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000df0000 | 0x00df0000 | 0x00df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e00000 | 0x00e00000 | 0x00e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e10000 | 0x00e10000 | 0x00e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e20000 | 0x00e20000 | 0x00e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e30000 | 0x00e30000 | 0x00e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e40000 | 0x00e40000 | 0x00e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e50000 | 0x00e50000 | 0x00e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e60000 | 0x00e60000 | 0x00e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e70000 | 0x00e70000 | 0x00e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e80000 | 0x00e80000 | 0x00e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e90000 | 0x00e90000 | 0x00e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ea0000 | 0x00ea0000 | 0x00ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000eb0000 | 0x00eb0000 | 0x00eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ec0000 | 0x00ec0000 | 0x00ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ed0000 | 0x00ed0000 | 0x00ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ee0000 | 0x00ee0000 | 0x00ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ef0000 | 0x00ef0000 | 0x00ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f00000 | 0x00f00000 | 0x00f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f10000 | 0x00f10000 | 0x00f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f20000 | 0x00f20000 | 0x00f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f30000 | 0x00f30000 | 0x00f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f40000 | 0x00f40000 | 0x00f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f50000 | 0x00f50000 | 0x00f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f60000 | 0x00f60000 | 0x00f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f70000 | 0x00f70000 | 0x00f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f80000 | 0x00f80000 | 0x00f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f90000 | 0x00f90000 | 0x00f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fa0000 | 0x00fa0000 | 0x00fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fb0000 | 0x00fb0000 | 0x00fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fc0000 | 0x00fc0000 | 0x00fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fd0000 | 0x00fd0000 | 0x00fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fe0000 | 0x00fe0000 | 0x00fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ff0000 | 0x00ff0000 | 0x00ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001000000 | 0x01000000 | 0x01000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001010000 | 0x01010000 | 0x01010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001020000 | 0x01020000 | 0x01020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001030000 | 0x01030000 | 0x01030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001040000 | 0x01040000 | 0x01040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001050000 | 0x01050000 | 0x01050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001060000 | 0x01060000 | 0x01060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001070000 | 0x01070000 | 0x01070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001080000 | 0x01080000 | 0x01080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001090000 | 0x01090000 | 0x01090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010a0000 | 0x010a0000 | 0x010a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010b0000 | 0x010b0000 | 0x010b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010c0000 | 0x010c0000 | 0x010c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010d0000 | 0x010d0000 | 0x010d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010e0000 | 0x010e0000 | 0x010e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010f0000 | 0x010f0000 | 0x010f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001100000 | 0x01100000 | 0x01100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001110000 | 0x01110000 | 0x01110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001120000 | 0x01120000 | 0x01120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f533000 | 0x7f533000 | 0x7f533fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000f9ad820000 | 0xf9ad820000 | 0xf9ad83ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000f9ad840000 | 0xf9ad840000 | 0xf9ad853fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000f9ad860000 | 0xf9ad860000 | 0xf9ad95ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000f9ad960000 | 0xf9ad960000 | 0xf9ad963fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000f9ad970000 | 0xf9ad970000 | 0xf9ad970fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000f9ad980000 | 0xf9ad980000 | 0xf9ad981fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff980000 | 0x7df5ff980000 | 0x7ff5ff97ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fd210000 | 0x7ff7fd210000 | 0x7ff7fd232fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fd236000 | 0x7ff7fd236000 | 0x7ff7fd236fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fd23e000 | 0x7ff7fd23e000 | 0x7ff7fd23ffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x820000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x830000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x840000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x850000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x860000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x870000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x880000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x890000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x8a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x8b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x8c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x8d0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x8e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x8f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x900000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x910000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x920000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x930000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x940000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x950000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x960000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x970000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x980000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x990000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x9a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x9b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x9c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x9d0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x9e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x9f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xa00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xa10000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xa20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xa30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xa40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xa50000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xa60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xa70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xa80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xa90000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xaa0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xab0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xac0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xad0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xae0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xaf0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xb00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xb10000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xb20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xb30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xb40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xb50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xb60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xb70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xb80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xb90000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xba0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xbb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xbc0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xbd0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xbe0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xbf0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xc00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xc10000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xc20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xc30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xc40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xc50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xc60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xc70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xc80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xc90000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xca0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xcb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xcc0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xcd0000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xce0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xcf0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xd00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xd10000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xd20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xd30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xd40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xd50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xd60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xd70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xd90000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xdb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xdc0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xdd0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xdf0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xe10000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xe20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xe30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xe50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xe60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xe70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xe90000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xea0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xeb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xec0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xed0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xee0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xef0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xf10000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xf20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xf30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xf50000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xf60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xf70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xf80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xf90000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xfa0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xfb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xfc0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xfd0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xfe0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0xff0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x1000000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x1010000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x1020000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x1030000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x1040000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x1050000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x1060000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x1070000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x1080000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x1090000, size = 8 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x10a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x10b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x10c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x10d0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x10e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x1100000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x1110000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x12d8 | address = 0x1120000, size = 13 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #37 / 0x1354 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:01:45, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:50 |
| OS Thread IDs | #468 0x1358 #469 0x135C |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x0003ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Private Memory | Readable, Writable | | | | |
| locale.nls | 0x001c0000 | 0x0027dfff | Memory Mapped File | Readable | | | | |
| private_0x0000000000280000 | 0x00280000 | 0x002bffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000002c0000 | 0x002c0000 | 0x002c0fff | Private Memory | Readable, Writable | | | | |
| private_0x00000000002d0000 | 0x002d0000 | 0x002d0fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000330000 | 0x00330000 | 0x0033ffff | Private Memory | Readable, Writable | | | | |
| svhost.exe | 0x00400000 | 0x0057afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x0000000000640000 | 0x00640000 | 0x0073ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000740000 | 0x00740000 | 0x0083ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000840000 | 0x00840000 | 0x009c7fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x00000000009d0000 | 0x009d0000 | 0x00b50fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000b60000 | 0x00b60000 | 0x01f5ffff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000001f60000 | 0x01f60000 | 0x0205ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000002100000 | 0x02100000 | 0x021fffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | - | | | | |
| wow64.dll | 0x53cc0000 | 0x53d0efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64cpu.dll | 0x53d10000 | 0x53d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64win.dll | 0x53d20000 | 0x53d92fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntmarta.dll | 0x74ca0000 | 0x74cc7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasman.dll | 0x74cd0000 | 0x74cf2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasapi32.dll | 0x74d00000 | 0x74da3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pstorec.dll | 0x74db0000 | 0x74db7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| apphelp.dll | 0x74dc0000 | 0x74e50fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bcryptprimitives.dll | 0x74e60000 | 0x74eb8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cryptbase.dll | 0x74ec0000 | 0x74ec9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sspicli.dll | 0x74ed0000 | 0x74eedfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcrt.dll | 0x74ef0000 | 0x74fadfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| advapi32.dll | 0x74fb0000 | 0x7502afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| oleaut32.dll | 0x75030000 | 0x750c1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| powrprof.dll | 0x75280000 | 0x752c3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| KernelBase.dll | 0x752e0000 | 0x75455fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| imm32.dll | 0x75460000 | 0x7548afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| combase.dll | 0x75490000 | 0x75649fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel32.dll | 0x75650000 | 0x7573ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| gdi32.dll | 0x75790000 | 0x758dcfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SHCore.dll | 0x75aa0000 | 0x75b2cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| crypt32.dll | 0x75bf0000 | 0x75d64fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| profapi.dll | 0x75d70000 | 0x75d7efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msasn1.dll | 0x75d80000 | 0x75d8dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msctf.dll | 0x75d90000 | 0x75eaffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sechost.dll | 0x75eb0000 | 0x75ef2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| user32.dll | 0x75f10000 | 0x7604ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel.appcore.dll | 0x76290000 | 0x7629bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shlwapi.dll | 0x762a0000 | 0x762e3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| windows.storage.dll | 0x76380000 | 0x7685cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rpcrt4.dll | 0x76860000 | 0x7690bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shell32.dll | 0x76910000 | 0x77ccefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ole32.dll | 0x77cd0000 | 0x77db9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x77dc0000 | 0x77f38fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffb1ddcffff | Private Memory | Readable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x00007ffb1df92000 | 0x7ffb1df92000 | 0x7ffffffeffff | Private Memory | Readable | | | | |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x1354 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x13a0, os_pid = 0x139c, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x139c, proc_address = 0x640000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0x680000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0x6c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0x700000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0x740000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0x780000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x7b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x7c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0x7c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x7d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x7e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x7f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0x800000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0x840000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0x880000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0x8c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0x900000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0x940000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0x980000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0x9c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0xa00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0xa40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0xa80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0xac0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 25 | | 1 | |
| MEM | ALLOC | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0xb00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0xb40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0xb80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0xbc0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0xc00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0xc40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0xc80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0xcc0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 14 | | 1 | |
| MEM | ALLOC | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0xd00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0xd40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0xd80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0xdc0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0xe00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x139c, proc_address = 0xe40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x139c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #38 / 0x1360 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:01:46, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:49 |
| OS Thread IDs | #470 0x1364 #471 0x1368 |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Private Memory | Readable, Writable | | | | |
| private_0x00000000001c0000 | 0x001c0000 | 0x001fffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000200000 | 0x00200000 | 0x00200fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000210000 | 0x00210000 | 0x0021ffff | Private Memory | Readable, Writable | | | | |
| locale.nls | 0x00220000 | 0x002ddfff | Memory Mapped File | Readable | | | | |
| private_0x00000000002e0000 | 0x002e0000 | 0x003dffff | Private Memory | Readable, Writable | | | | |
| svhost.exe | 0x00400000 | 0x0057afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x0000000000580000 | 0x00580000 | 0x0067ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000006f0000 | 0x006f0000 | 0x007effff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000007f0000 | 0x007f0000 | 0x00977fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000009e0000 | 0x009e0000 | 0x009effff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000009f0000 | 0x009f0000 | 0x00b70fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000b80000 | 0x00b80000 | 0x01f7ffff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000002050000 | 0x02050000 | 0x0214ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | - | | | | |
| wow64.dll | 0x53cc0000 | 0x53d0efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64cpu.dll | 0x53d10000 | 0x53d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64win.dll | 0x53d20000 | 0x53d92fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntmarta.dll | 0x74ca0000 | 0x74cc7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasman.dll | 0x74cd0000 | 0x74cf2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasapi32.dll | 0x74d00000 | 0x74da3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pstorec.dll | 0x74db0000 | 0x74db7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| apphelp.dll | 0x74dc0000 | 0x74e50fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bcryptprimitives.dll | 0x74e60000 | 0x74eb8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cryptbase.dll | 0x74ec0000 | 0x74ec9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sspicli.dll | 0x74ed0000 | 0x74eedfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcrt.dll | 0x74ef0000 | 0x74fadfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| advapi32.dll | 0x74fb0000 | 0x7502afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| oleaut32.dll | 0x75030000 | 0x750c1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| powrprof.dll | 0x75280000 | 0x752c3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| KernelBase.dll | 0x752e0000 | 0x75455fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| imm32.dll | 0x75460000 | 0x7548afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| combase.dll | 0x75490000 | 0x75649fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel32.dll | 0x75650000 | 0x7573ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| gdi32.dll | 0x75790000 | 0x758dcfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SHCore.dll | 0x75aa0000 | 0x75b2cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| crypt32.dll | 0x75bf0000 | 0x75d64fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| profapi.dll | 0x75d70000 | 0x75d7efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msasn1.dll | 0x75d80000 | 0x75d8dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msctf.dll | 0x75d90000 | 0x75eaffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sechost.dll | 0x75eb0000 | 0x75ef2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| user32.dll | 0x75f10000 | 0x7604ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel.appcore.dll | 0x76290000 | 0x7629bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shlwapi.dll | 0x762a0000 | 0x762e3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| windows.storage.dll | 0x76380000 | 0x7685cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rpcrt4.dll | 0x76860000 | 0x7690bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shell32.dll | 0x76910000 | 0x77ccefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ole32.dll | 0x77cd0000 | 0x77db9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x77dc0000 | 0x77f38fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffb1ddcffff | Private Memory | Readable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x00007ffb1df92000 | 0x7ffb1df92000 | 0x7ffffffeffff | Private Memory | Readable | | | | |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x1360 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x13b4, os_pid = 0x13b0, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x13b0, proc_address = 0x940000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13b0, proc_address = 0x980000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13b0, proc_address = 0x9c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13b0, proc_address = 0xa00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13b0, proc_address = 0xa40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13b0, proc_address = 0xa80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13b0, proc_address = 0xac0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13b0, proc_address = 0xb00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13b0, proc_address = 0xb40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13b0, proc_address = 0xb80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13b0, proc_address = 0xbc0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13b0, proc_address = 0xc00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13b0, proc_address = 0xc40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13b0, proc_address = 0xc80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13b0, proc_address = 0xcc0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13b0, proc_address = 0xd00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13b0, proc_address = 0xd40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13b0, proc_address = 0xd80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13b0, proc_address = 0xdc0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 25 | | 1 | |
| MEM | ALLOC | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13b0, proc_address = 0xe00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13b0, proc_address = 0xe40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13b0, proc_address = 0xe80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13b0, proc_address = 0xec0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13b0, proc_address = 0xf00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13b0, proc_address = 0xf40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13b0, proc_address = 0xf80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13b0, proc_address = 0xfc0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 14 | | 1 | |
| MEM | ALLOC | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13b0, proc_address = 0x1000000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13b0, proc_address = 0x1040000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13b0, proc_address = 0x1080000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13b0, proc_address = 0x10c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13b0, size = 20 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #39 / 0x136c |
| OS Parent PID | 0x1318 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:01:47, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:48 |
| OS Thread IDs | #472 0x1370 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000d20000 | 0x00d20000 | 0x00d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d30000 | 0x00d30000 | 0x00d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d40000 | 0x00d40000 | 0x00d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d50000 | 0x00d50000 | 0x00d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d60000 | 0x00d60000 | 0x00d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d70000 | 0x00d70000 | 0x00d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d80000 | 0x00d80000 | 0x00d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d90000 | 0x00d90000 | 0x00d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000da0000 | 0x00da0000 | 0x00da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000db0000 | 0x00db0000 | 0x00db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dc0000 | 0x00dc0000 | 0x00dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dd0000 | 0x00dd0000 | 0x00dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000de0000 | 0x00de0000 | 0x00de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000df0000 | 0x00df0000 | 0x00df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e00000 | 0x00e00000 | 0x00e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e10000 | 0x00e10000 | 0x00e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e20000 | 0x00e20000 | 0x00e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e30000 | 0x00e30000 | 0x00e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e40000 | 0x00e40000 | 0x00e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e50000 | 0x00e50000 | 0x00e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e60000 | 0x00e60000 | 0x00e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e70000 | 0x00e70000 | 0x00e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e80000 | 0x00e80000 | 0x00e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e90000 | 0x00e90000 | 0x00e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ea0000 | 0x00ea0000 | 0x00ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000eb0000 | 0x00eb0000 | 0x00eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ec0000 | 0x00ec0000 | 0x00ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ed0000 | 0x00ed0000 | 0x00ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ee0000 | 0x00ee0000 | 0x00ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ef0000 | 0x00ef0000 | 0x00ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f00000 | 0x00f00000 | 0x00f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f10000 | 0x00f10000 | 0x00f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f20000 | 0x00f20000 | 0x00f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f30000 | 0x00f30000 | 0x00f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f40000 | 0x00f40000 | 0x00f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f50000 | 0x00f50000 | 0x00f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f60000 | 0x00f60000 | 0x00f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f70000 | 0x00f70000 | 0x00f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f80000 | 0x00f80000 | 0x00f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f90000 | 0x00f90000 | 0x00f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fa0000 | 0x00fa0000 | 0x00fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fb0000 | 0x00fb0000 | 0x00fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fc0000 | 0x00fc0000 | 0x00fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fd0000 | 0x00fd0000 | 0x00fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fe0000 | 0x00fe0000 | 0x00fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ff0000 | 0x00ff0000 | 0x00ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001000000 | 0x01000000 | 0x01000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001010000 | 0x01010000 | 0x01010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001020000 | 0x01020000 | 0x01020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001030000 | 0x01030000 | 0x01030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001040000 | 0x01040000 | 0x01040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001050000 | 0x01050000 | 0x01050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001060000 | 0x01060000 | 0x01060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001070000 | 0x01070000 | 0x01070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001080000 | 0x01080000 | 0x01080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001090000 | 0x01090000 | 0x01090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010a0000 | 0x010a0000 | 0x010a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010b0000 | 0x010b0000 | 0x010b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010c0000 | 0x010c0000 | 0x010c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010d0000 | 0x010d0000 | 0x010d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010e0000 | 0x010e0000 | 0x010e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010f0000 | 0x010f0000 | 0x010f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001100000 | 0x01100000 | 0x01100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001110000 | 0x01110000 | 0x01110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001120000 | 0x01120000 | 0x01120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001130000 | 0x01130000 | 0x01130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001140000 | 0x01140000 | 0x01140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001150000 | 0x01150000 | 0x01150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001160000 | 0x01160000 | 0x01160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001170000 | 0x01170000 | 0x01170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001180000 | 0x01180000 | 0x01180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001190000 | 0x01190000 | 0x01190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011a0000 | 0x011a0000 | 0x011a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011b0000 | 0x011b0000 | 0x011b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011c0000 | 0x011c0000 | 0x011c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011d0000 | 0x011d0000 | 0x011d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011e0000 | 0x011e0000 | 0x011e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011f0000 | 0x011f0000 | 0x011f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001200000 | 0x01200000 | 0x01200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001210000 | 0x01210000 | 0x01210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001220000 | 0x01220000 | 0x01220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001230000 | 0x01230000 | 0x01230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001240000 | 0x01240000 | 0x01240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001250000 | 0x01250000 | 0x01250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001260000 | 0x01260000 | 0x01260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001270000 | 0x01270000 | 0x01270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001280000 | 0x01280000 | 0x01280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001290000 | 0x01290000 | 0x01290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012a0000 | 0x012a0000 | 0x012a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012b0000 | 0x012b0000 | 0x012b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012c0000 | 0x012c0000 | 0x012c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012d0000 | 0x012d0000 | 0x012d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012e0000 | 0x012e0000 | 0x012e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012f0000 | 0x012f0000 | 0x012f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001300000 | 0x01300000 | 0x01300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001310000 | 0x01310000 | 0x01310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001320000 | 0x01320000 | 0x01320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001330000 | 0x01330000 | 0x01330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001340000 | 0x01340000 | 0x01340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001350000 | 0x01350000 | 0x01350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001360000 | 0x01360000 | 0x01360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001370000 | 0x01370000 | 0x01370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001380000 | 0x01380000 | 0x01380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001390000 | 0x01390000 | 0x01390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013a0000 | 0x013a0000 | 0x013a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013b0000 | 0x013b0000 | 0x013b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013c0000 | 0x013c0000 | 0x013c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013d0000 | 0x013d0000 | 0x013d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013e0000 | 0x013e0000 | 0x013e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013f0000 | 0x013f0000 | 0x013f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001400000 | 0x01400000 | 0x01400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001410000 | 0x01410000 | 0x01410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001420000 | 0x01420000 | 0x01420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001430000 | 0x01430000 | 0x01430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001440000 | 0x01440000 | 0x01440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001450000 | 0x01450000 | 0x01450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001460000 | 0x01460000 | 0x01460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001470000 | 0x01470000 | 0x01470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001480000 | 0x01480000 | 0x01480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001490000 | 0x01490000 | 0x01490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014a0000 | 0x014a0000 | 0x014a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014b0000 | 0x014b0000 | 0x014b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014c0000 | 0x014c0000 | 0x014c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014d0000 | 0x014d0000 | 0x014d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014e0000 | 0x014e0000 | 0x014e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014f0000 | 0x014f0000 | 0x014f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001500000 | 0x01500000 | 0x01500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001510000 | 0x01510000 | 0x01510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001520000 | 0x01520000 | 0x01520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001530000 | 0x01530000 | 0x01530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001540000 | 0x01540000 | 0x01540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001550000 | 0x01550000 | 0x01550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f465000 | 0x7f465000 | 0x7f465fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000e11ed20000 | 0xe11ed20000 | 0xe11ed3ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000e11ed40000 | 0xe11ed40000 | 0xe11ed53fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000e11ed60000 | 0xe11ed60000 | 0xe11ee5ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000e11ee60000 | 0xe11ee60000 | 0xe11ee63fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000e11ee70000 | 0xe11ee70000 | 0xe11ee70fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000e11ee80000 | 0xe11ee80000 | 0xe11ee81fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ffc70000 | 0x7df5ffc70000 | 0x7ff5ffc6ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fc7b0000 | 0x7ff7fc7b0000 | 0x7ff7fc7d2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fc7d4000 | 0x7ff7fc7d4000 | 0x7ff7fc7d4fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fc7de000 | 0x7ff7fc7de000 | 0x7ff7fc7dffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xd20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xd30000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xd40000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xd50000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xd60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xd70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xd80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xd90000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xda0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xdb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xdc0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xdd0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xde0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xdf0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xe00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xe10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xe20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xe30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xe40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xe50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xe60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xe70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xe80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xe90000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xea0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xeb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xec0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xed0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xee0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xef0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xf00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xf10000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xf20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xf30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xf40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xf50000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xf60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xf70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xf80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xfa0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xfb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xfc0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xfe0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0xff0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1000000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1020000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1040000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1060000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1070000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1080000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x10a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x10b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x10c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x10f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1100000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1110000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1120000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1130000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1140000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1150000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1160000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1170000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1180000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1190000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x11a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x11b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x11c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x11d0000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x11e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x11f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1200000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1210000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1220000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1230000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1240000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1250000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1260000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1270000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1280000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1290000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x12a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x12b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x12c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x12d0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x12e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x12f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1300000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1310000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1320000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1330000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1340000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1350000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1360000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1370000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1380000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1390000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x13a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x13b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x13c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x13d0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x13e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x13f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1400000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1410000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1420000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1430000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1440000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1450000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1460000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1470000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1480000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1490000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x14a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x14b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x14c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x14d0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x14e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x14f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1500000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1510000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1520000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1530000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1540000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x131c | address = 0x1550000, size = 12 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #40 / 0x1378 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:01:48, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:47 |
| OS Thread IDs | #473 0x137C #475 0x1390 |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Private Memory | Readable, Writable | | | | |
| private_0x00000000001c0000 | 0x001c0000 | 0x001fffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000200000 | 0x00200000 | 0x00200fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000230000 | 0x00230000 | 0x0023ffff | Private Memory | Readable, Writable | | | | |
| locale.nls | 0x00240000 | 0x002fdfff | Memory Mapped File | Readable | | | | |
| private_0x0000000000300000 | 0x00300000 | 0x003fffff | Private Memory | Readable, Writable | | | | |
| svhost.exe | 0x00400000 | 0x0057afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x0000000000630000 | 0x00630000 | 0x0063ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000670000 | 0x00670000 | 0x0076ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000770000 | 0x00770000 | 0x008f7fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000900000 | 0x00900000 | 0x00a80fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000a90000 | 0x00a90000 | 0x01e8ffff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000001e90000 | 0x01e90000 | 0x01f8ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000002030000 | 0x02030000 | 0x0212ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | - | | | | |
| wow64.dll | 0x53cc0000 | 0x53d0efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64cpu.dll | 0x53d10000 | 0x53d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64win.dll | 0x53d20000 | 0x53d92fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntmarta.dll | 0x74ca0000 | 0x74cc7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasman.dll | 0x74cd0000 | 0x74cf2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasapi32.dll | 0x74d00000 | 0x74da3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pstorec.dll | 0x74db0000 | 0x74db7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| apphelp.dll | 0x74dc0000 | 0x74e50fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bcryptprimitives.dll | 0x74e60000 | 0x74eb8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cryptbase.dll | 0x74ec0000 | 0x74ec9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sspicli.dll | 0x74ed0000 | 0x74eedfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcrt.dll | 0x74ef0000 | 0x74fadfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| advapi32.dll | 0x74fb0000 | 0x7502afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| oleaut32.dll | 0x75030000 | 0x750c1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| powrprof.dll | 0x75280000 | 0x752c3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| KernelBase.dll | 0x752e0000 | 0x75455fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| imm32.dll | 0x75460000 | 0x7548afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| combase.dll | 0x75490000 | 0x75649fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel32.dll | 0x75650000 | 0x7573ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| gdi32.dll | 0x75790000 | 0x758dcfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SHCore.dll | 0x75aa0000 | 0x75b2cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| crypt32.dll | 0x75bf0000 | 0x75d64fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| profapi.dll | 0x75d70000 | 0x75d7efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msasn1.dll | 0x75d80000 | 0x75d8dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msctf.dll | 0x75d90000 | 0x75eaffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sechost.dll | 0x75eb0000 | 0x75ef2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| user32.dll | 0x75f10000 | 0x7604ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel.appcore.dll | 0x76290000 | 0x7629bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shlwapi.dll | 0x762a0000 | 0x762e3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| windows.storage.dll | 0x76380000 | 0x7685cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rpcrt4.dll | 0x76860000 | 0x7690bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shell32.dll | 0x76910000 | 0x77ccefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ole32.dll | 0x77cd0000 | 0x77db9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x77dc0000 | 0x77f38fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffb1ddcffff | Private Memory | Readable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x00007ffb1df92000 | 0x7ffb1df92000 | 0x7ffffffeffff | Private Memory | Readable | | | | |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x1378 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x13c8, os_pid = 0x13c4, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0x30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x13c4, proc_address = 0x50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13c4, proc_address = 0x90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13c4, proc_address = 0xd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13c4, proc_address = 0x110000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13c4, proc_address = 0x150000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13c4, proc_address = 0x190000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x1b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13c4, proc_address = 0x1d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x1f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13c4, proc_address = 0x210000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13c4, proc_address = 0x250000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13c4, proc_address = 0x290000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x2a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x2b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x2c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x2d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13c4, proc_address = 0x2d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x2e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x2f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13c4, proc_address = 0x310000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13c4, proc_address = 0x350000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13c4, proc_address = 0x390000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x3a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x3b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x3c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x3d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13c4, proc_address = 0x3d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x3e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x3f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13c4, proc_address = 0x410000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13c4, proc_address = 0x450000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13c4, proc_address = 0x490000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x4a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x4b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x4c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x4d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13c4, proc_address = 0x4d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x4e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 25 | | 1 | |
| MEM | ALLOC | address = 0x4f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13c4, proc_address = 0x510000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13c4, proc_address = 0x550000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13c4, proc_address = 0x590000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x5a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x5b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x5c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x5d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13c4, proc_address = 0x5d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x5e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x5f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13c4, proc_address = 0x610000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13c4, proc_address = 0x650000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13c4, proc_address = 0x690000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13c4, proc_address = 0x6d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 14 | | 1 | |
| MEM | ALLOC | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13c4, proc_address = 0x710000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13c4, proc_address = 0x750000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13c4, proc_address = 0x790000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 12 | | 1 | |
| MEM | ALLOC | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #41 / 0x1384 |
| OS Parent PID | 0x1330 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:01:48, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:47 |
| OS Thread IDs | #474 0x1388 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000900000 | 0x00900000 | 0x00900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000910000 | 0x00910000 | 0x00910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000920000 | 0x00920000 | 0x00920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000930000 | 0x00930000 | 0x00930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000940000 | 0x00940000 | 0x00940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000950000 | 0x00950000 | 0x00950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000960000 | 0x00960000 | 0x00960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000970000 | 0x00970000 | 0x00970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000980000 | 0x00980000 | 0x00980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000990000 | 0x00990000 | 0x00990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009a0000 | 0x009a0000 | 0x009a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009b0000 | 0x009b0000 | 0x009b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009c0000 | 0x009c0000 | 0x009c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009d0000 | 0x009d0000 | 0x009d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009e0000 | 0x009e0000 | 0x009e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009f0000 | 0x009f0000 | 0x009f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a00000 | 0x00a00000 | 0x00a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a10000 | 0x00a10000 | 0x00a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a20000 | 0x00a20000 | 0x00a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a30000 | 0x00a30000 | 0x00a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a40000 | 0x00a40000 | 0x00a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a50000 | 0x00a50000 | 0x00a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a60000 | 0x00a60000 | 0x00a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a70000 | 0x00a70000 | 0x00a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a80000 | 0x00a80000 | 0x00a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a90000 | 0x00a90000 | 0x00a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000aa0000 | 0x00aa0000 | 0x00aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ab0000 | 0x00ab0000 | 0x00ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ac0000 | 0x00ac0000 | 0x00ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ad0000 | 0x00ad0000 | 0x00ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ae0000 | 0x00ae0000 | 0x00ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000af0000 | 0x00af0000 | 0x00af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b00000 | 0x00b00000 | 0x00b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b10000 | 0x00b10000 | 0x00b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b20000 | 0x00b20000 | 0x00b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b30000 | 0x00b30000 | 0x00b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b40000 | 0x00b40000 | 0x00b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b50000 | 0x00b50000 | 0x00b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b60000 | 0x00b60000 | 0x00b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b70000 | 0x00b70000 | 0x00b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b80000 | 0x00b80000 | 0x00b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b90000 | 0x00b90000 | 0x00b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ba0000 | 0x00ba0000 | 0x00ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bb0000 | 0x00bb0000 | 0x00bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bc0000 | 0x00bc0000 | 0x00bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bd0000 | 0x00bd0000 | 0x00bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000be0000 | 0x00be0000 | 0x00be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bf0000 | 0x00bf0000 | 0x00bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c00000 | 0x00c00000 | 0x00c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c10000 | 0x00c10000 | 0x00c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c20000 | 0x00c20000 | 0x00c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c30000 | 0x00c30000 | 0x00c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c40000 | 0x00c40000 | 0x00c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c50000 | 0x00c50000 | 0x00c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c60000 | 0x00c60000 | 0x00c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c70000 | 0x00c70000 | 0x00c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c80000 | 0x00c80000 | 0x00c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c90000 | 0x00c90000 | 0x00c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ca0000 | 0x00ca0000 | 0x00ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cb0000 | 0x00cb0000 | 0x00cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cc0000 | 0x00cc0000 | 0x00cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cd0000 | 0x00cd0000 | 0x00cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ce0000 | 0x00ce0000 | 0x00ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cf0000 | 0x00cf0000 | 0x00cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d00000 | 0x00d00000 | 0x00d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d10000 | 0x00d10000 | 0x00d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d20000 | 0x00d20000 | 0x00d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d30000 | 0x00d30000 | 0x00d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d40000 | 0x00d40000 | 0x00d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d50000 | 0x00d50000 | 0x00d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d60000 | 0x00d60000 | 0x00d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d70000 | 0x00d70000 | 0x00d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d80000 | 0x00d80000 | 0x00d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d90000 | 0x00d90000 | 0x00d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000da0000 | 0x00da0000 | 0x00da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000db0000 | 0x00db0000 | 0x00db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dc0000 | 0x00dc0000 | 0x00dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dd0000 | 0x00dd0000 | 0x00dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000de0000 | 0x00de0000 | 0x00de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000df0000 | 0x00df0000 | 0x00df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e00000 | 0x00e00000 | 0x00e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e10000 | 0x00e10000 | 0x00e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e20000 | 0x00e20000 | 0x00e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e30000 | 0x00e30000 | 0x00e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e40000 | 0x00e40000 | 0x00e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e50000 | 0x00e50000 | 0x00e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e60000 | 0x00e60000 | 0x00e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e70000 | 0x00e70000 | 0x00e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e80000 | 0x00e80000 | 0x00e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e90000 | 0x00e90000 | 0x00e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ea0000 | 0x00ea0000 | 0x00ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000eb0000 | 0x00eb0000 | 0x00eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ec0000 | 0x00ec0000 | 0x00ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ed0000 | 0x00ed0000 | 0x00ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ee0000 | 0x00ee0000 | 0x00ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ef0000 | 0x00ef0000 | 0x00ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f00000 | 0x00f00000 | 0x00f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f10000 | 0x00f10000 | 0x00f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f20000 | 0x00f20000 | 0x00f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f30000 | 0x00f30000 | 0x00f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f40000 | 0x00f40000 | 0x00f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f50000 | 0x00f50000 | 0x00f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f60000 | 0x00f60000 | 0x00f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f70000 | 0x00f70000 | 0x00f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f80000 | 0x00f80000 | 0x00f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f90000 | 0x00f90000 | 0x00f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fa0000 | 0x00fa0000 | 0x00fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fb0000 | 0x00fb0000 | 0x00fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fc0000 | 0x00fc0000 | 0x00fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fd0000 | 0x00fd0000 | 0x00fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fe0000 | 0x00fe0000 | 0x00fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ff0000 | 0x00ff0000 | 0x00ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001000000 | 0x01000000 | 0x01000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001010000 | 0x01010000 | 0x01010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001020000 | 0x01020000 | 0x01020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001030000 | 0x01030000 | 0x01030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001040000 | 0x01040000 | 0x01040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001050000 | 0x01050000 | 0x01050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001060000 | 0x01060000 | 0x01060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001070000 | 0x01070000 | 0x01070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001080000 | 0x01080000 | 0x01080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001090000 | 0x01090000 | 0x01090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010a0000 | 0x010a0000 | 0x010a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010b0000 | 0x010b0000 | 0x010b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010c0000 | 0x010c0000 | 0x010c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010d0000 | 0x010d0000 | 0x010d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010e0000 | 0x010e0000 | 0x010e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010f0000 | 0x010f0000 | 0x010f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001100000 | 0x01100000 | 0x01100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001110000 | 0x01110000 | 0x01110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001120000 | 0x01120000 | 0x01120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007fe68000 | 0x7fe68000 | 0x7fe68fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000c26f900000 | 0xc26f900000 | 0xc26f91ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000c26f920000 | 0xc26f920000 | 0xc26f933fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000c26f940000 | 0xc26f940000 | 0xc26fa3ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000c26fa40000 | 0xc26fa40000 | 0xc26fa43fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000c26fa50000 | 0xc26fa50000 | 0xc26fa50fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000c26fa60000 | 0xc26fa60000 | 0xc26fa61fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff680000 | 0x7df5ff680000 | 0x7ff5ff67ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fcde0000 | 0x7ff7fcde0000 | 0x7ff7fce02fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fce05000 | 0x7ff7fce05000 | 0x7ff7fce05fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fce0e000 | 0x7ff7fce0e000 | 0x7ff7fce0ffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0x900000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0x910000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0x920000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0x930000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0x940000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0x950000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0x960000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0x970000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0x980000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0x990000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0x9a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0x9b0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0x9c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0x9d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0x9e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0x9f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xa00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xa10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xa20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xa30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xa40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xa50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xa60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xa70000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xa80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xa90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xaa0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xab0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xac0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xad0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xae0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xaf0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xb00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xb30000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xb50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xb70000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xb80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xb90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xba0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xbb0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xbc0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xbd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xbe0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xbf0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xc00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xc10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xc20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xc30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xc40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xc50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xc60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xc70000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xc80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xc90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xca0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xcb0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xcc0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xcd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xce0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xcf0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xd00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xd10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xd20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xd30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xd40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xd50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xd60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xd70000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xd80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xd90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xda0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xdb0000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xdc0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xdd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xde0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xdf0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xe00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xe10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xe20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xe30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xe40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xe50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xe60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xe70000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xe80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xe90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xea0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xeb0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xec0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xed0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xee0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xef0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xf00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xf10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xf20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xf30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xf40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xf50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xf60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xf70000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xf90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xfa0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xfc0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0xfd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0x1000000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0x1010000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0x1020000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0x1030000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0x1050000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0x1060000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0x1070000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0x1080000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0x1090000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0x10b0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0x10d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0x1100000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0x1110000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1334 | address = 0x1120000, size = 142 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #42 / 0x1394 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:01:49, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:46 |
| OS Thread IDs | #476 0x1398 #478 0x13A4 |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Private Memory | Readable, Writable | | | | |
| private_0x00000000001c0000 | 0x001c0000 | 0x001fffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000200000 | 0x00200000 | 0x00200fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000210000 | 0x00210000 | 0x0030ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000360000 | 0x00360000 | 0x0036ffff | Private Memory | Readable, Writable | | | | |
| svhost.exe | 0x00400000 | 0x0057afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| locale.nls | 0x00580000 | 0x0063dfff | Memory Mapped File | Readable | | | | |
| private_0x0000000000640000 | 0x00640000 | 0x0073ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000740000 | 0x00740000 | 0x008c7fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000000920000 | 0x00920000 | 0x0092ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000930000 | 0x00930000 | 0x00ab0fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000ac0000 | 0x00ac0000 | 0x01ebffff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000001ec0000 | 0x01ec0000 | 0x01fbffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000002060000 | 0x02060000 | 0x0215ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | - | | | | |
| wow64.dll | 0x53cc0000 | 0x53d0efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64cpu.dll | 0x53d10000 | 0x53d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64win.dll | 0x53d20000 | 0x53d92fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntmarta.dll | 0x74ca0000 | 0x74cc7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasman.dll | 0x74cd0000 | 0x74cf2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasapi32.dll | 0x74d00000 | 0x74da3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pstorec.dll | 0x74db0000 | 0x74db7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| apphelp.dll | 0x74dc0000 | 0x74e50fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bcryptprimitives.dll | 0x74e60000 | 0x74eb8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cryptbase.dll | 0x74ec0000 | 0x74ec9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sspicli.dll | 0x74ed0000 | 0x74eedfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcrt.dll | 0x74ef0000 | 0x74fadfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| advapi32.dll | 0x74fb0000 | 0x7502afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| oleaut32.dll | 0x75030000 | 0x750c1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| powrprof.dll | 0x75280000 | 0x752c3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| KernelBase.dll | 0x752e0000 | 0x75455fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| imm32.dll | 0x75460000 | 0x7548afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| combase.dll | 0x75490000 | 0x75649fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel32.dll | 0x75650000 | 0x7573ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| gdi32.dll | 0x75790000 | 0x758dcfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SHCore.dll | 0x75aa0000 | 0x75b2cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| crypt32.dll | 0x75bf0000 | 0x75d64fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| profapi.dll | 0x75d70000 | 0x75d7efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msasn1.dll | 0x75d80000 | 0x75d8dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msctf.dll | 0x75d90000 | 0x75eaffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sechost.dll | 0x75eb0000 | 0x75ef2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| user32.dll | 0x75f10000 | 0x7604ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel.appcore.dll | 0x76290000 | 0x7629bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shlwapi.dll | 0x762a0000 | 0x762e3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| windows.storage.dll | 0x76380000 | 0x7685cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rpcrt4.dll | 0x76860000 | 0x7690bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shell32.dll | 0x76910000 | 0x77ccefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ole32.dll | 0x77cd0000 | 0x77db9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x77dc0000 | 0x77f38fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffb1ddcffff | Private Memory | Readable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x00007ffb1df92000 | 0x7ffb1df92000 | 0x7ffffffeffff | Private Memory | Readable | | | | |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x1394 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x13e4, os_pid = 0x13e0, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x13e0, proc_address = 0xb50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 19 | | 1 | |
| MEM | ALLOC | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0xb90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0xbd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0xc10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0xc50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0xc90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0xcd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0xd10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0xd50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0xd90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0xdd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0xe10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0xe50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0xe90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0xed0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0xf10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0xf50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0xf90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0xfd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 25 | | 1 | |
| MEM | ALLOC | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0x1010000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0x1050000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0x1090000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0x10d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0x1110000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0x1150000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0x1190000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0x11d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 14 | | 1 | |
| MEM | ALLOC | address = 0x11f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0x1210000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0x1250000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0x1290000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x12a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x12b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x12c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x12d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0x12d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x12e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x12f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0x1310000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13e0, proc_address = 0x1350000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13e0, size = 12 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #43 / 0x139c |
| OS Parent PID | 0x1354 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:01:49, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:46 |
| OS Thread IDs | #477 0x13A0 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000620000 | 0x00620000 | 0x00620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000630000 | 0x00630000 | 0x00630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000640000 | 0x00640000 | 0x00640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000650000 | 0x00650000 | 0x00650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000660000 | 0x00660000 | 0x00660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000670000 | 0x00670000 | 0x00670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000680000 | 0x00680000 | 0x00680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000690000 | 0x00690000 | 0x00690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006a0000 | 0x006a0000 | 0x006a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006b0000 | 0x006b0000 | 0x006b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006c0000 | 0x006c0000 | 0x006c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006d0000 | 0x006d0000 | 0x006d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006e0000 | 0x006e0000 | 0x006e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006f0000 | 0x006f0000 | 0x006f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000700000 | 0x00700000 | 0x00700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000710000 | 0x00710000 | 0x00710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000720000 | 0x00720000 | 0x00720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000730000 | 0x00730000 | 0x00730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000740000 | 0x00740000 | 0x00740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000750000 | 0x00750000 | 0x00750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000760000 | 0x00760000 | 0x00760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000770000 | 0x00770000 | 0x00770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000780000 | 0x00780000 | 0x00780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000790000 | 0x00790000 | 0x00790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007a0000 | 0x007a0000 | 0x007a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007b0000 | 0x007b0000 | 0x007b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007c0000 | 0x007c0000 | 0x007c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007d0000 | 0x007d0000 | 0x007d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007e0000 | 0x007e0000 | 0x007e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007f0000 | 0x007f0000 | 0x007f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000800000 | 0x00800000 | 0x00800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000810000 | 0x00810000 | 0x00810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000820000 | 0x00820000 | 0x00820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000830000 | 0x00830000 | 0x00830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000840000 | 0x00840000 | 0x00840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000850000 | 0x00850000 | 0x00850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000860000 | 0x00860000 | 0x00860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000870000 | 0x00870000 | 0x00870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000880000 | 0x00880000 | 0x00880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000890000 | 0x00890000 | 0x00890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008a0000 | 0x008a0000 | 0x008a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008b0000 | 0x008b0000 | 0x008b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008c0000 | 0x008c0000 | 0x008c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008d0000 | 0x008d0000 | 0x008d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008e0000 | 0x008e0000 | 0x008e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008f0000 | 0x008f0000 | 0x008f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000900000 | 0x00900000 | 0x00900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000910000 | 0x00910000 | 0x00910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000920000 | 0x00920000 | 0x00920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000930000 | 0x00930000 | 0x00930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000940000 | 0x00940000 | 0x00940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000950000 | 0x00950000 | 0x00950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000960000 | 0x00960000 | 0x00960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000970000 | 0x00970000 | 0x00970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000980000 | 0x00980000 | 0x00980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000990000 | 0x00990000 | 0x00990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009a0000 | 0x009a0000 | 0x009a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009b0000 | 0x009b0000 | 0x009b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009c0000 | 0x009c0000 | 0x009c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009d0000 | 0x009d0000 | 0x009d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009e0000 | 0x009e0000 | 0x009e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009f0000 | 0x009f0000 | 0x009f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a00000 | 0x00a00000 | 0x00a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a10000 | 0x00a10000 | 0x00a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a20000 | 0x00a20000 | 0x00a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a30000 | 0x00a30000 | 0x00a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a40000 | 0x00a40000 | 0x00a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a50000 | 0x00a50000 | 0x00a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a60000 | 0x00a60000 | 0x00a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a70000 | 0x00a70000 | 0x00a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a80000 | 0x00a80000 | 0x00a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a90000 | 0x00a90000 | 0x00a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000aa0000 | 0x00aa0000 | 0x00aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ab0000 | 0x00ab0000 | 0x00ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ac0000 | 0x00ac0000 | 0x00ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ad0000 | 0x00ad0000 | 0x00ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ae0000 | 0x00ae0000 | 0x00ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000af0000 | 0x00af0000 | 0x00af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b00000 | 0x00b00000 | 0x00b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b10000 | 0x00b10000 | 0x00b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b20000 | 0x00b20000 | 0x00b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b30000 | 0x00b30000 | 0x00b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b40000 | 0x00b40000 | 0x00b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b50000 | 0x00b50000 | 0x00b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b60000 | 0x00b60000 | 0x00b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b70000 | 0x00b70000 | 0x00b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b80000 | 0x00b80000 | 0x00b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b90000 | 0x00b90000 | 0x00b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ba0000 | 0x00ba0000 | 0x00ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bb0000 | 0x00bb0000 | 0x00bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bc0000 | 0x00bc0000 | 0x00bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bd0000 | 0x00bd0000 | 0x00bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000be0000 | 0x00be0000 | 0x00be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bf0000 | 0x00bf0000 | 0x00bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c00000 | 0x00c00000 | 0x00c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c10000 | 0x00c10000 | 0x00c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c20000 | 0x00c20000 | 0x00c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c30000 | 0x00c30000 | 0x00c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c40000 | 0x00c40000 | 0x00c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c50000 | 0x00c50000 | 0x00c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c60000 | 0x00c60000 | 0x00c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c70000 | 0x00c70000 | 0x00c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c80000 | 0x00c80000 | 0x00c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c90000 | 0x00c90000 | 0x00c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ca0000 | 0x00ca0000 | 0x00ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cb0000 | 0x00cb0000 | 0x00cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cc0000 | 0x00cc0000 | 0x00cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cd0000 | 0x00cd0000 | 0x00cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ce0000 | 0x00ce0000 | 0x00ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cf0000 | 0x00cf0000 | 0x00cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d00000 | 0x00d00000 | 0x00d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d10000 | 0x00d10000 | 0x00d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d20000 | 0x00d20000 | 0x00d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d30000 | 0x00d30000 | 0x00d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d40000 | 0x00d40000 | 0x00d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d50000 | 0x00d50000 | 0x00d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d60000 | 0x00d60000 | 0x00d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d70000 | 0x00d70000 | 0x00d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d80000 | 0x00d80000 | 0x00d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d90000 | 0x00d90000 | 0x00d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000da0000 | 0x00da0000 | 0x00da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000db0000 | 0x00db0000 | 0x00db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dc0000 | 0x00dc0000 | 0x00dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dd0000 | 0x00dd0000 | 0x00dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000de0000 | 0x00de0000 | 0x00de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000df0000 | 0x00df0000 | 0x00df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e00000 | 0x00e00000 | 0x00e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e10000 | 0x00e10000 | 0x00e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e20000 | 0x00e20000 | 0x00e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e30000 | 0x00e30000 | 0x00e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e40000 | 0x00e40000 | 0x00e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f7c6000 | 0x7f7c6000 | 0x7f7c6fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000ed21620000 | 0xed21620000 | 0xed2163ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000ed21640000 | 0xed21640000 | 0xed21653fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000ed21660000 | 0xed21660000 | 0xed2175ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000ed21760000 | 0xed21760000 | 0xed21763fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000ed21770000 | 0xed21770000 | 0xed21770fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000ed21780000 | 0xed21780000 | 0xed21781fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ffc50000 | 0x7df5ffc50000 | 0x7ff5ffc4ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fc5a0000 | 0x7ff7fc5a0000 | 0x7ff7fc5c2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fc5ca000 | 0x7ff7fc5ca000 | 0x7ff7fc5cafff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fc5ce000 | 0x7ff7fc5ce000 | 0x7ff7fc5cffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x620000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x630000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x640000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x650000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x660000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x670000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x680000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x690000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x6a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x6b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x6c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x6d0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x6e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x6f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x700000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x710000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x720000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x730000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x740000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x750000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x760000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x770000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x780000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x790000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x7a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x7b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x7c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x7d0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x7e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x7f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x800000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x810000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x820000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x830000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x840000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x850000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x860000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x870000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x880000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x890000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x8a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x8b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x8c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x8d0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x8e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x8f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x900000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x910000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x920000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x930000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x940000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x950000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x960000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x970000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x980000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x990000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x9a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x9b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x9c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x9d0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x9e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0x9f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xa00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xa10000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xa20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xa30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xa50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xa60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xa70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xa80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xa90000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xaa0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xab0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xac0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xad0000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xae0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xaf0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xb00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xb10000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xb20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xb30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xb40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xb50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xb60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xb70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xb80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xb90000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xba0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xbb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xbc0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xbd0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xbe0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xbf0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xc00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xc10000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xc20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xc30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xc40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xc50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xc60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xc70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xc80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xc90000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xca0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xcb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xcc0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xcd0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xce0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xcf0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xd00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xd10000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xd20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xd30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xd40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xd50000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xd60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xd70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xd80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xd90000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xda0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xdb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xdc0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xdd0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xde0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xdf0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xe00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xe10000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xe20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | address = 0xe30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1358 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #44 / 0x13b0 |
| OS Parent PID | 0x1360 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:01:50, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:45 |
| OS Thread IDs | #479 0x13B4 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000920000 | 0x00920000 | 0x00920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000930000 | 0x00930000 | 0x00930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000940000 | 0x00940000 | 0x00940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000950000 | 0x00950000 | 0x00950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000960000 | 0x00960000 | 0x00960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000970000 | 0x00970000 | 0x00970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000980000 | 0x00980000 | 0x00980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000990000 | 0x00990000 | 0x00990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009a0000 | 0x009a0000 | 0x009a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009b0000 | 0x009b0000 | 0x009b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009c0000 | 0x009c0000 | 0x009c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009d0000 | 0x009d0000 | 0x009d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009e0000 | 0x009e0000 | 0x009e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009f0000 | 0x009f0000 | 0x009f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a00000 | 0x00a00000 | 0x00a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a10000 | 0x00a10000 | 0x00a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a20000 | 0x00a20000 | 0x00a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a30000 | 0x00a30000 | 0x00a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a40000 | 0x00a40000 | 0x00a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a50000 | 0x00a50000 | 0x00a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a60000 | 0x00a60000 | 0x00a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a70000 | 0x00a70000 | 0x00a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a80000 | 0x00a80000 | 0x00a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a90000 | 0x00a90000 | 0x00a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000aa0000 | 0x00aa0000 | 0x00aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ab0000 | 0x00ab0000 | 0x00ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ac0000 | 0x00ac0000 | 0x00ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ad0000 | 0x00ad0000 | 0x00ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ae0000 | 0x00ae0000 | 0x00ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000af0000 | 0x00af0000 | 0x00af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b00000 | 0x00b00000 | 0x00b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b10000 | 0x00b10000 | 0x00b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b20000 | 0x00b20000 | 0x00b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b30000 | 0x00b30000 | 0x00b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b40000 | 0x00b40000 | 0x00b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b50000 | 0x00b50000 | 0x00b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b60000 | 0x00b60000 | 0x00b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b70000 | 0x00b70000 | 0x00b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b80000 | 0x00b80000 | 0x00b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b90000 | 0x00b90000 | 0x00b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ba0000 | 0x00ba0000 | 0x00ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bb0000 | 0x00bb0000 | 0x00bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bc0000 | 0x00bc0000 | 0x00bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bd0000 | 0x00bd0000 | 0x00bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000be0000 | 0x00be0000 | 0x00be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bf0000 | 0x00bf0000 | 0x00bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c00000 | 0x00c00000 | 0x00c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c10000 | 0x00c10000 | 0x00c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c20000 | 0x00c20000 | 0x00c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c30000 | 0x00c30000 | 0x00c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c40000 | 0x00c40000 | 0x00c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c50000 | 0x00c50000 | 0x00c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c60000 | 0x00c60000 | 0x00c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c70000 | 0x00c70000 | 0x00c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c80000 | 0x00c80000 | 0x00c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c90000 | 0x00c90000 | 0x00c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ca0000 | 0x00ca0000 | 0x00ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cb0000 | 0x00cb0000 | 0x00cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cc0000 | 0x00cc0000 | 0x00cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cd0000 | 0x00cd0000 | 0x00cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ce0000 | 0x00ce0000 | 0x00ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cf0000 | 0x00cf0000 | 0x00cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d00000 | 0x00d00000 | 0x00d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d10000 | 0x00d10000 | 0x00d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d20000 | 0x00d20000 | 0x00d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d30000 | 0x00d30000 | 0x00d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d40000 | 0x00d40000 | 0x00d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d50000 | 0x00d50000 | 0x00d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d60000 | 0x00d60000 | 0x00d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d70000 | 0x00d70000 | 0x00d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d80000 | 0x00d80000 | 0x00d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d90000 | 0x00d90000 | 0x00d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000da0000 | 0x00da0000 | 0x00da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000db0000 | 0x00db0000 | 0x00db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dc0000 | 0x00dc0000 | 0x00dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dd0000 | 0x00dd0000 | 0x00dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000de0000 | 0x00de0000 | 0x00de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000df0000 | 0x00df0000 | 0x00df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e00000 | 0x00e00000 | 0x00e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e10000 | 0x00e10000 | 0x00e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e20000 | 0x00e20000 | 0x00e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e30000 | 0x00e30000 | 0x00e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e40000 | 0x00e40000 | 0x00e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e50000 | 0x00e50000 | 0x00e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e60000 | 0x00e60000 | 0x00e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e70000 | 0x00e70000 | 0x00e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e80000 | 0x00e80000 | 0x00e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e90000 | 0x00e90000 | 0x00e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ea0000 | 0x00ea0000 | 0x00ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000eb0000 | 0x00eb0000 | 0x00eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ec0000 | 0x00ec0000 | 0x00ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ed0000 | 0x00ed0000 | 0x00ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ee0000 | 0x00ee0000 | 0x00ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ef0000 | 0x00ef0000 | 0x00ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f00000 | 0x00f00000 | 0x00f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f10000 | 0x00f10000 | 0x00f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f20000 | 0x00f20000 | 0x00f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f30000 | 0x00f30000 | 0x00f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f40000 | 0x00f40000 | 0x00f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f50000 | 0x00f50000 | 0x00f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f60000 | 0x00f60000 | 0x00f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f70000 | 0x00f70000 | 0x00f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f80000 | 0x00f80000 | 0x00f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f90000 | 0x00f90000 | 0x00f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fa0000 | 0x00fa0000 | 0x00fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fb0000 | 0x00fb0000 | 0x00fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fc0000 | 0x00fc0000 | 0x00fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fd0000 | 0x00fd0000 | 0x00fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fe0000 | 0x00fe0000 | 0x00fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ff0000 | 0x00ff0000 | 0x00ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001000000 | 0x01000000 | 0x01000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001010000 | 0x01010000 | 0x01010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001020000 | 0x01020000 | 0x01020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001030000 | 0x01030000 | 0x01030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001040000 | 0x01040000 | 0x01040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001050000 | 0x01050000 | 0x01050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001060000 | 0x01060000 | 0x01060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001070000 | 0x01070000 | 0x01070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001080000 | 0x01080000 | 0x01080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001090000 | 0x01090000 | 0x01090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010a0000 | 0x010a0000 | 0x010a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010b0000 | 0x010b0000 | 0x010b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010c0000 | 0x010c0000 | 0x010c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010d0000 | 0x010d0000 | 0x010d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010e0000 | 0x010e0000 | 0x010e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f80d000 | 0x7f80d000 | 0x7f80dfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x0000004e16920000 | 0x4e16920000 | 0x4e1693ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000004e16940000 | 0x4e16940000 | 0x4e16953fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000004e16960000 | 0x4e16960000 | 0x4e16a5ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000004e16a60000 | 0x4e16a60000 | 0x4e16a63fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000004e16a70000 | 0x4e16a70000 | 0x4e16a70fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000004e16a80000 | 0x4e16a80000 | 0x4e16a81fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ffc90000 | 0x7df5ffc90000 | 0x7ff5ffc8ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fce30000 | 0x7ff7fce30000 | 0x7ff7fce52fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fce5d000 | 0x7ff7fce5d000 | 0x7ff7fce5efff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fce5f000 | 0x7ff7fce5f000 | 0x7ff7fce5ffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0x920000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0x930000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0x940000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0x950000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0x960000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0x970000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0x980000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0x990000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0x9a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0x9b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0x9c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0x9d0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0x9e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0x9f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xa00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xa10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xa20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xa30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xa40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xa50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xa60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xa70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xa80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xa90000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xaa0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xac0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xad0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xae0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xb00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xb10000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xb20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xb40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xb50000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xb60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xb70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xb80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xb90000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xba0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xbb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xbc0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xbd0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xbe0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xbf0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xc00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xc10000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xc20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xc30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xc40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xc50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xc60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xc70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xc80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xc90000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xca0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xcc0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xce0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xcf0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xd10000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xd20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xd30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xd40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xd50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xd60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xd70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xd80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xd90000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xda0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xdb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xdc0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xdd0000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xde0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xdf0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xe00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xe10000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xe20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xe30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xe40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xe50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xe60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xe70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xe80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xe90000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xea0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xeb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xec0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xed0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xee0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xef0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xf00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xf10000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xf20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xf30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xf40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xf50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xf60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xf70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xf80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xf90000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xfa0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xfb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xfc0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xfd0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xfe0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0xff0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0x1000000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0x1010000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0x1020000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0x1030000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0x1040000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0x1050000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0x1060000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0x1070000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0x1080000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0x1090000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0x10a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0x10b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0x10c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0x10d0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1364 | address = 0x10e0000, size = 13 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #45 / 0x13b8 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:01:50, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:45 |
| OS Thread IDs | #480 0x13BC #481 0x13C0 |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Private Memory | Readable, Writable | | | | |
| private_0x00000000001c0000 | 0x001c0000 | 0x001cffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000001d0000 | 0x001d0000 | 0x001d0fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000200000 | 0x00200000 | 0x002fffff | Private Memory | Readable, Writable | | | | |
| locale.nls | 0x00300000 | 0x003bdfff | Memory Mapped File | Readable | | | | |
| private_0x00000000003c0000 | 0x003c0000 | 0x003fffff | Private Memory | Readable, Writable | | | | |
| svhost.exe | 0x00400000 | 0x0057afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x0000000000580000 | 0x00580000 | 0x0067ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000680000 | 0x00680000 | 0x0077ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000007c0000 | 0x007c0000 | 0x007cffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000007d0000 | 0x007d0000 | 0x00957fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000960000 | 0x00960000 | 0x00ae0fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000af0000 | 0x00af0000 | 0x01eeffff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000001fc0000 | 0x01fc0000 | 0x020bffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | - | | | | |
| wow64.dll | 0x53cc0000 | 0x53d0efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64cpu.dll | 0x53d10000 | 0x53d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64win.dll | 0x53d20000 | 0x53d92fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntmarta.dll | 0x74ca0000 | 0x74cc7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasman.dll | 0x74cd0000 | 0x74cf2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasapi32.dll | 0x74d00000 | 0x74da3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pstorec.dll | 0x74db0000 | 0x74db7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| apphelp.dll | 0x74dc0000 | 0x74e50fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bcryptprimitives.dll | 0x74e60000 | 0x74eb8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cryptbase.dll | 0x74ec0000 | 0x74ec9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sspicli.dll | 0x74ed0000 | 0x74eedfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcrt.dll | 0x74ef0000 | 0x74fadfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| advapi32.dll | 0x74fb0000 | 0x7502afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| oleaut32.dll | 0x75030000 | 0x750c1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| powrprof.dll | 0x75280000 | 0x752c3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| KernelBase.dll | 0x752e0000 | 0x75455fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| imm32.dll | 0x75460000 | 0x7548afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| combase.dll | 0x75490000 | 0x75649fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel32.dll | 0x75650000 | 0x7573ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| gdi32.dll | 0x75790000 | 0x758dcfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SHCore.dll | 0x75aa0000 | 0x75b2cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| crypt32.dll | 0x75bf0000 | 0x75d64fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| profapi.dll | 0x75d70000 | 0x75d7efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msasn1.dll | 0x75d80000 | 0x75d8dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msctf.dll | 0x75d90000 | 0x75eaffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sechost.dll | 0x75eb0000 | 0x75ef2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| user32.dll | 0x75f10000 | 0x7604ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel.appcore.dll | 0x76290000 | 0x7629bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shlwapi.dll | 0x762a0000 | 0x762e3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| windows.storage.dll | 0x76380000 | 0x7685cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rpcrt4.dll | 0x76860000 | 0x7690bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shell32.dll | 0x76910000 | 0x77ccefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ole32.dll | 0x77cd0000 | 0x77db9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x77dc0000 | 0x77f38fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffb1ddcffff | Private Memory | Readable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x00007ffb1df92000 | 0x7ffb1df92000 | 0x7ffffffeffff | Private Memory | Readable | | | | |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x13b8 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x13f8, os_pid = 0x13f4, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x13f4, proc_address = 0x9c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13f4, proc_address = 0xa00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13f4, proc_address = 0xa40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13f4, proc_address = 0xa80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13f4, proc_address = 0xac0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13f4, proc_address = 0xb00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13f4, proc_address = 0xb40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13f4, proc_address = 0xb80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13f4, proc_address = 0xbc0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13f4, proc_address = 0xc00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13f4, proc_address = 0xc40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13f4, proc_address = 0xc80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13f4, proc_address = 0xcc0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13f4, proc_address = 0xd00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13f4, proc_address = 0xd40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13f4, proc_address = 0xd80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13f4, proc_address = 0xdc0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13f4, proc_address = 0xe00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13f4, proc_address = 0xe40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 25 | | 1 | |
| MEM | ALLOC | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13f4, proc_address = 0xe80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13f4, proc_address = 0xec0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13f4, proc_address = 0xf00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13f4, proc_address = 0xf40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13f4, proc_address = 0xf80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13f4, proc_address = 0xfc0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13f4, proc_address = 0x1000000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13f4, proc_address = 0x1040000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 14 | | 1 | |
| MEM | ALLOC | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13f4, proc_address = 0x1080000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x13f4, proc_address = 0x10c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x13f4, size = 20 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #46 / 0x13c4 |
| OS Parent PID | 0x1378 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:01:51, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:44 |
| OS Thread IDs | #482 0x13C8 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000040000 | 0x00040000 | 0x00040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000050000 | 0x00050000 | 0x00050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000060000 | 0x00060000 | 0x00060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000070000 | 0x00070000 | 0x00070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000080000 | 0x00080000 | 0x00080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000090000 | 0x00090000 | 0x00090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000000a0000 | 0x000a0000 | 0x000a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000000b0000 | 0x000b0000 | 0x000b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000100000 | 0x00100000 | 0x00100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000110000 | 0x00110000 | 0x00110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000120000 | 0x00120000 | 0x00120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000130000 | 0x00130000 | 0x00130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000140000 | 0x00140000 | 0x00140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000150000 | 0x00150000 | 0x00150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000160000 | 0x00160000 | 0x00160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000170000 | 0x00170000 | 0x00170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000180000 | 0x00180000 | 0x00180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000190000 | 0x00190000 | 0x00190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000001a0000 | 0x001a0000 | 0x001a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000001c0000 | 0x001c0000 | 0x001c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000001d0000 | 0x001d0000 | 0x001d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000001e0000 | 0x001e0000 | 0x001e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000001f0000 | 0x001f0000 | 0x001f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000200000 | 0x00200000 | 0x00200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000210000 | 0x00210000 | 0x00210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000220000 | 0x00220000 | 0x00220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000230000 | 0x00230000 | 0x00230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000240000 | 0x00240000 | 0x00240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000250000 | 0x00250000 | 0x00250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000260000 | 0x00260000 | 0x00260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000270000 | 0x00270000 | 0x00270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000280000 | 0x00280000 | 0x00280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000290000 | 0x00290000 | 0x00290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002a0000 | 0x002a0000 | 0x002a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002b0000 | 0x002b0000 | 0x002b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002c0000 | 0x002c0000 | 0x002c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002d0000 | 0x002d0000 | 0x002d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002e0000 | 0x002e0000 | 0x002e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002f0000 | 0x002f0000 | 0x002f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000300000 | 0x00300000 | 0x00300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000310000 | 0x00310000 | 0x00310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000320000 | 0x00320000 | 0x00320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000330000 | 0x00330000 | 0x00330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000340000 | 0x00340000 | 0x00340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000350000 | 0x00350000 | 0x00350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000360000 | 0x00360000 | 0x00360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000370000 | 0x00370000 | 0x00370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000380000 | 0x00380000 | 0x00380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000390000 | 0x00390000 | 0x00390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003a0000 | 0x003a0000 | 0x003a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003b0000 | 0x003b0000 | 0x003b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003c0000 | 0x003c0000 | 0x003c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003d0000 | 0x003d0000 | 0x003d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003e0000 | 0x003e0000 | 0x003e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003f0000 | 0x003f0000 | 0x003f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000400000 | 0x00400000 | 0x00400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000410000 | 0x00410000 | 0x00410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000420000 | 0x00420000 | 0x00420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000430000 | 0x00430000 | 0x00430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000440000 | 0x00440000 | 0x00440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000450000 | 0x00450000 | 0x00450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000460000 | 0x00460000 | 0x00460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000470000 | 0x00470000 | 0x00470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000480000 | 0x00480000 | 0x00480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000490000 | 0x00490000 | 0x00490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004a0000 | 0x004a0000 | 0x004a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004b0000 | 0x004b0000 | 0x004b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004c0000 | 0x004c0000 | 0x004c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004d0000 | 0x004d0000 | 0x004d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004e0000 | 0x004e0000 | 0x004e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004f0000 | 0x004f0000 | 0x004f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000500000 | 0x00500000 | 0x00500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000510000 | 0x00510000 | 0x00510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000520000 | 0x00520000 | 0x00520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000530000 | 0x00530000 | 0x00530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000540000 | 0x00540000 | 0x00540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000550000 | 0x00550000 | 0x00550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000560000 | 0x00560000 | 0x00560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000570000 | 0x00570000 | 0x00570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000580000 | 0x00580000 | 0x00580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000590000 | 0x00590000 | 0x00590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005a0000 | 0x005a0000 | 0x005a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005b0000 | 0x005b0000 | 0x005b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005c0000 | 0x005c0000 | 0x005c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005d0000 | 0x005d0000 | 0x005d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005e0000 | 0x005e0000 | 0x005e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005f0000 | 0x005f0000 | 0x005f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000600000 | 0x00600000 | 0x00600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000610000 | 0x00610000 | 0x00610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000620000 | 0x00620000 | 0x00620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000630000 | 0x00630000 | 0x00630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000640000 | 0x00640000 | 0x00640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000650000 | 0x00650000 | 0x00650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000660000 | 0x00660000 | 0x00660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000670000 | 0x00670000 | 0x00670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000680000 | 0x00680000 | 0x00680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000690000 | 0x00690000 | 0x00690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006a0000 | 0x006a0000 | 0x006a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006b0000 | 0x006b0000 | 0x006b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006c0000 | 0x006c0000 | 0x006c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006d0000 | 0x006d0000 | 0x006d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006e0000 | 0x006e0000 | 0x006e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006f0000 | 0x006f0000 | 0x006f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000700000 | 0x00700000 | 0x00700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000710000 | 0x00710000 | 0x00710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000720000 | 0x00720000 | 0x00720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000730000 | 0x00730000 | 0x00730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000740000 | 0x00740000 | 0x00740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000750000 | 0x00750000 | 0x00750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000760000 | 0x00760000 | 0x00760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000770000 | 0x00770000 | 0x00770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000780000 | 0x00780000 | 0x00780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000790000 | 0x00790000 | 0x00790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007a0000 | 0x007a0000 | 0x007a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f3c7000 | 0x7f3c7000 | 0x7f3c7fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x0000007ef5030000 | 0x7ef5030000 | 0x7ef504ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000007ef5050000 | 0x7ef5050000 | 0x7ef5063fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000007ef5070000 | 0x7ef5070000 | 0x7ef516ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000007ef5170000 | 0x7ef5170000 | 0x7ef5173fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000007ef5180000 | 0x7ef5180000 | 0x7ef5180fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000007ef5190000 | 0x7ef5190000 | 0x7ef5191fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff220000 | 0x7df5ff220000 | 0x7ff5ff21ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fd470000 | 0x7ff7fd470000 | 0x7ff7fd492fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fd495000 | 0x7ff7fd495000 | 0x7ff7fd495fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fd49e000 | 0x7ff7fd49e000 | 0x7ff7fd49ffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x40000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x50000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x60000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0xa0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0xb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0xc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0xd0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0xe0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0xf0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x100000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x110000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x120000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x130000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x140000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x160000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x170000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x180000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x1a0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x1b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x1c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x1e0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x1f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x200000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x210000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x220000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x230000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x240000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x250000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x260000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x270000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x280000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x290000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x2a0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x2b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x2c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x2d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x2e0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x2f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x300000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x310000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x320000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x330000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x340000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x350000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x360000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x370000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x380000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x390000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x3a0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x3b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x3c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x3d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x3e0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x3f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x400000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x410000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x420000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x430000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x440000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x460000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x470000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x480000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x490000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x4a0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x4b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x4c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x4d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x4e0000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x4f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x500000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x510000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x520000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x530000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x540000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x560000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x570000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x580000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x590000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x5a0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x5b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x5c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x5d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x5e0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x5f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x600000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x610000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x620000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x630000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x640000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x650000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x660000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x670000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x680000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x690000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x6a0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x6b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x6c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x6d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x6e0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x6f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x700000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x710000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x720000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x730000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x740000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x750000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x760000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x770000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x780000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x137c | address = 0x7a0000, size = 12 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #47 / 0x13cc |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:01:51, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:44 |
| OS Thread IDs | #483 0x13D0 #484 0x13D4 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x13cc | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1028, os_pid = 0xd38, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0xd38, proc_address = 0x820000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0x860000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0x8a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0x8e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0x920000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0x960000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0x9a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0x9e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0xa20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0xa60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0xaa0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0xae0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0xb20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0xb60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0xba0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0xbe0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0xc20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0xc60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0xca0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 25 | | 1 | |
| MEM | ALLOC | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0xce0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0xd20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0xd60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0xda0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0xde0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0xe20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0xe60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0xea0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 14 | | 1 | |
| MEM | ALLOC | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0xee0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0xf20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0xf60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0xfa0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xd38, proc_address = 0xfe0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 12 | | 1 | |
| MEM | ALLOC | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xd38, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #48 / 0x13d8 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:01:52, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:43 |
| OS Thread IDs | #485 0x13DC #487 0x13E8 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x13d8 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0xa70, os_pid = 0x434, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0x2e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x2f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x434, proc_address = 0x300000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x434, proc_address = 0x340000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x434, proc_address = 0x380000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x3a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x3b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x3c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x434, proc_address = 0x3c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x3d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x3e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x3f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x434, proc_address = 0x400000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x434, proc_address = 0x440000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x434, proc_address = 0x480000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x4a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x4b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x4c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x434, proc_address = 0x4c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x4d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x4e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x4f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x434, proc_address = 0x500000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x434, proc_address = 0x540000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x434, proc_address = 0x580000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x5a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x5b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x5c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x434, proc_address = 0x5c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x5d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x5e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x5f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x434, proc_address = 0x600000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x434, proc_address = 0x640000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x434, proc_address = 0x680000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x434, proc_address = 0x6c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x434, proc_address = 0x700000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x434, proc_address = 0x740000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x434, proc_address = 0x780000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 25 | | 1 | |
| MEM | ALLOC | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x7b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x7c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x434, proc_address = 0x7c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x7d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x7e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x7f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x434, proc_address = 0x800000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x434, proc_address = 0x840000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x434, proc_address = 0x880000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x434, proc_address = 0x8c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x434, proc_address = 0x900000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x434, proc_address = 0x940000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x434, proc_address = 0x980000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 14 | | 1 | |
| MEM | ALLOC | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x434, size = 20 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #49 / 0x13e0 |
| OS Parent PID | 0x1394 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:01:52, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:43 |
| OS Thread IDs | #486 0x13E4 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000b30000 | 0x00b30000 | 0x00b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b40000 | 0x00b40000 | 0x00b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b50000 | 0x00b50000 | 0x00b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b60000 | 0x00b60000 | 0x00b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b70000 | 0x00b70000 | 0x00b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b80000 | 0x00b80000 | 0x00b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b90000 | 0x00b90000 | 0x00b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ba0000 | 0x00ba0000 | 0x00ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bb0000 | 0x00bb0000 | 0x00bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bc0000 | 0x00bc0000 | 0x00bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bd0000 | 0x00bd0000 | 0x00bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000be0000 | 0x00be0000 | 0x00be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bf0000 | 0x00bf0000 | 0x00bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c00000 | 0x00c00000 | 0x00c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c10000 | 0x00c10000 | 0x00c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c20000 | 0x00c20000 | 0x00c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c30000 | 0x00c30000 | 0x00c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c40000 | 0x00c40000 | 0x00c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c50000 | 0x00c50000 | 0x00c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c60000 | 0x00c60000 | 0x00c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c70000 | 0x00c70000 | 0x00c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c80000 | 0x00c80000 | 0x00c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c90000 | 0x00c90000 | 0x00c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ca0000 | 0x00ca0000 | 0x00ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cb0000 | 0x00cb0000 | 0x00cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cc0000 | 0x00cc0000 | 0x00cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cd0000 | 0x00cd0000 | 0x00cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ce0000 | 0x00ce0000 | 0x00ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cf0000 | 0x00cf0000 | 0x00cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d00000 | 0x00d00000 | 0x00d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d10000 | 0x00d10000 | 0x00d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d20000 | 0x00d20000 | 0x00d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d30000 | 0x00d30000 | 0x00d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d40000 | 0x00d40000 | 0x00d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d50000 | 0x00d50000 | 0x00d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d60000 | 0x00d60000 | 0x00d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d70000 | 0x00d70000 | 0x00d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d80000 | 0x00d80000 | 0x00d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d90000 | 0x00d90000 | 0x00d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000da0000 | 0x00da0000 | 0x00da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000db0000 | 0x00db0000 | 0x00db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dc0000 | 0x00dc0000 | 0x00dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dd0000 | 0x00dd0000 | 0x00dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000de0000 | 0x00de0000 | 0x00de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000df0000 | 0x00df0000 | 0x00df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e00000 | 0x00e00000 | 0x00e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e10000 | 0x00e10000 | 0x00e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e20000 | 0x00e20000 | 0x00e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e30000 | 0x00e30000 | 0x00e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e40000 | 0x00e40000 | 0x00e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e50000 | 0x00e50000 | 0x00e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e60000 | 0x00e60000 | 0x00e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e70000 | 0x00e70000 | 0x00e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e80000 | 0x00e80000 | 0x00e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e90000 | 0x00e90000 | 0x00e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ea0000 | 0x00ea0000 | 0x00ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000eb0000 | 0x00eb0000 | 0x00eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ec0000 | 0x00ec0000 | 0x00ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ed0000 | 0x00ed0000 | 0x00ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ee0000 | 0x00ee0000 | 0x00ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ef0000 | 0x00ef0000 | 0x00ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f00000 | 0x00f00000 | 0x00f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f10000 | 0x00f10000 | 0x00f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f20000 | 0x00f20000 | 0x00f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f30000 | 0x00f30000 | 0x00f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f40000 | 0x00f40000 | 0x00f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f50000 | 0x00f50000 | 0x00f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f60000 | 0x00f60000 | 0x00f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f70000 | 0x00f70000 | 0x00f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f80000 | 0x00f80000 | 0x00f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f90000 | 0x00f90000 | 0x00f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fa0000 | 0x00fa0000 | 0x00fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fb0000 | 0x00fb0000 | 0x00fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fc0000 | 0x00fc0000 | 0x00fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fd0000 | 0x00fd0000 | 0x00fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fe0000 | 0x00fe0000 | 0x00fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ff0000 | 0x00ff0000 | 0x00ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001000000 | 0x01000000 | 0x01000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001010000 | 0x01010000 | 0x01010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001020000 | 0x01020000 | 0x01020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001030000 | 0x01030000 | 0x01030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001040000 | 0x01040000 | 0x01040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001050000 | 0x01050000 | 0x01050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001060000 | 0x01060000 | 0x01060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001070000 | 0x01070000 | 0x01070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001080000 | 0x01080000 | 0x01080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001090000 | 0x01090000 | 0x01090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010a0000 | 0x010a0000 | 0x010a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010b0000 | 0x010b0000 | 0x010b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010c0000 | 0x010c0000 | 0x010c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010d0000 | 0x010d0000 | 0x010d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010e0000 | 0x010e0000 | 0x010e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010f0000 | 0x010f0000 | 0x010f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001100000 | 0x01100000 | 0x01100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001110000 | 0x01110000 | 0x01110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001120000 | 0x01120000 | 0x01120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001130000 | 0x01130000 | 0x01130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001140000 | 0x01140000 | 0x01140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001150000 | 0x01150000 | 0x01150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001160000 | 0x01160000 | 0x01160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001170000 | 0x01170000 | 0x01170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001180000 | 0x01180000 | 0x01180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001190000 | 0x01190000 | 0x01190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011a0000 | 0x011a0000 | 0x011a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011b0000 | 0x011b0000 | 0x011b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011c0000 | 0x011c0000 | 0x011c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011d0000 | 0x011d0000 | 0x011d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011e0000 | 0x011e0000 | 0x011e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011f0000 | 0x011f0000 | 0x011f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001200000 | 0x01200000 | 0x01200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001210000 | 0x01210000 | 0x01210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001220000 | 0x01220000 | 0x01220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001230000 | 0x01230000 | 0x01230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001240000 | 0x01240000 | 0x01240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001250000 | 0x01250000 | 0x01250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001260000 | 0x01260000 | 0x01260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001270000 | 0x01270000 | 0x01270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001280000 | 0x01280000 | 0x01280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001290000 | 0x01290000 | 0x01290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012a0000 | 0x012a0000 | 0x012a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012b0000 | 0x012b0000 | 0x012b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012c0000 | 0x012c0000 | 0x012c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012d0000 | 0x012d0000 | 0x012d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012e0000 | 0x012e0000 | 0x012e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012f0000 | 0x012f0000 | 0x012f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001300000 | 0x01300000 | 0x01300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001310000 | 0x01310000 | 0x01310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001320000 | 0x01320000 | 0x01320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001330000 | 0x01330000 | 0x01330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001340000 | 0x01340000 | 0x01340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001350000 | 0x01350000 | 0x01350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f959000 | 0x7f959000 | 0x7f959fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x00000052c9b30000 | 0x52c9b30000 | 0x52c9b4ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000052c9b50000 | 0x52c9b50000 | 0x52c9b63fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000052c9b70000 | 0x52c9b70000 | 0x52c9c6ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000052c9c70000 | 0x52c9c70000 | 0x52c9c73fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x00000052c9c80000 | 0x52c9c80000 | 0x52c9c80fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000052c9c90000 | 0x52c9c90000 | 0x52c9c91fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff900000 | 0x7df5ff900000 | 0x7ff5ff8fffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fcdd0000 | 0x7ff7fcdd0000 | 0x7ff7fcdf2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fcdfb000 | 0x7ff7fcdfb000 | 0x7ff7fcdfbfff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fcdfe000 | 0x7ff7fcdfe000 | 0x7ff7fcdfffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xb30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xb40000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xb50000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xb60000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xb70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xb80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xb90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xba0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xbb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xbc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xbd0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xbe0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xbf0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xc00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xc10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xc20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xc30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xc40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xc50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xc60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xc70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xc80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xc90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xca0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xcb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xcc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xcd0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xce0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xcf0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xd00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xd10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xd20000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xd30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xd40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xd50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xd60000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xd70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xd80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xd90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xda0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xdb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xdc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xdd0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xde0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xdf0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xe00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xe10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xe20000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xe30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xe40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xe50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xe60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xe70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xe80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xea0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xeb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xec0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xed0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xee0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xef0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xf00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xf10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xf20000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xf30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xf40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xf50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xf60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xf70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xf80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xf90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xfa0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xfb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xfc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xfd0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xfe0000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0xff0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1000000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1010000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1020000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1030000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1040000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1050000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1060000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1070000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1080000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1090000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x10a0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x10b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x10c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x10d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x10e0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x10f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1100000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1110000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1120000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1130000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1140000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1150000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1160000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1170000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1180000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1190000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x11a0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x11b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x11c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x11d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x11e0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x11f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1200000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1220000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1230000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1240000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1260000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1270000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1280000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x12a0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x12b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x12c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x12e0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x12f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1300000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1320000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1330000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1340000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1398 | address = 0x1350000, size = 142 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #50 / 0x13ec |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:01:53, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:42 |
| OS Thread IDs | #488 0x13F0 #490 0x13FC |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x13ec | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x604, os_pid = 0x404, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x404, proc_address = 0xf10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 19 | | 1 | |
| MEM | ALLOC | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x404, proc_address = 0xf50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x404, proc_address = 0xf90000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x404, proc_address = 0xfd0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x404, proc_address = 0x1010000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x404, proc_address = 0x1050000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x404, proc_address = 0x1090000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x404, proc_address = 0x10d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x404, proc_address = 0x1110000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x404, proc_address = 0x1150000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x404, proc_address = 0x1190000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x404, proc_address = 0x11d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x11f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x404, proc_address = 0x1210000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x404, proc_address = 0x1250000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x1270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x404, proc_address = 0x1290000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x12a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x12b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x12c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x12d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x404, proc_address = 0x12d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x12e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x12f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x404, proc_address = 0x1310000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x404, proc_address = 0x1350000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x1370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x404, proc_address = 0x1390000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x13a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 25 | | 1 | |
| MEM | ALLOC | address = 0x13b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x13c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x13d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x404, proc_address = 0x13d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x13e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x13f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x404, proc_address = 0x1410000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x404, proc_address = 0x1450000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x1470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x404, proc_address = 0x1490000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x14a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x14b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x14c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x14d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x404, proc_address = 0x14d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x14e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x14f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x14f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x404, proc_address = 0x1510000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x404, proc_address = 0x1550000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x404, proc_address = 0x1590000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x15a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 14, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x15a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 14 | | 1 | |
| MEM | ALLOC | address = 0x15b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x15b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x15c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x15c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x15d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x15d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x404, proc_address = 0x15d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x15e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x15e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x15f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x15f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x404, proc_address = 0x1610000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x404, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #51 / 0x13f4 |
| OS Parent PID | 0x13b8 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:01:53, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:42 |
| OS Thread IDs | #489 0x13F8 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x00000000009a0000 | 0x009a0000 | 0x009a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009b0000 | 0x009b0000 | 0x009b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009c0000 | 0x009c0000 | 0x009c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009d0000 | 0x009d0000 | 0x009d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009e0000 | 0x009e0000 | 0x009e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009f0000 | 0x009f0000 | 0x009f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a00000 | 0x00a00000 | 0x00a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a10000 | 0x00a10000 | 0x00a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a20000 | 0x00a20000 | 0x00a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a30000 | 0x00a30000 | 0x00a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a40000 | 0x00a40000 | 0x00a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a50000 | 0x00a50000 | 0x00a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a60000 | 0x00a60000 | 0x00a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a70000 | 0x00a70000 | 0x00a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a80000 | 0x00a80000 | 0x00a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a90000 | 0x00a90000 | 0x00a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000aa0000 | 0x00aa0000 | 0x00aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ab0000 | 0x00ab0000 | 0x00ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ac0000 | 0x00ac0000 | 0x00ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ad0000 | 0x00ad0000 | 0x00ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ae0000 | 0x00ae0000 | 0x00ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000af0000 | 0x00af0000 | 0x00af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b00000 | 0x00b00000 | 0x00b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b10000 | 0x00b10000 | 0x00b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b20000 | 0x00b20000 | 0x00b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b30000 | 0x00b30000 | 0x00b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b40000 | 0x00b40000 | 0x00b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b50000 | 0x00b50000 | 0x00b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b60000 | 0x00b60000 | 0x00b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b70000 | 0x00b70000 | 0x00b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b80000 | 0x00b80000 | 0x00b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b90000 | 0x00b90000 | 0x00b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ba0000 | 0x00ba0000 | 0x00ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bb0000 | 0x00bb0000 | 0x00bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bc0000 | 0x00bc0000 | 0x00bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bd0000 | 0x00bd0000 | 0x00bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000be0000 | 0x00be0000 | 0x00be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bf0000 | 0x00bf0000 | 0x00bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c00000 | 0x00c00000 | 0x00c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c10000 | 0x00c10000 | 0x00c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c20000 | 0x00c20000 | 0x00c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c30000 | 0x00c30000 | 0x00c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c40000 | 0x00c40000 | 0x00c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c50000 | 0x00c50000 | 0x00c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c60000 | 0x00c60000 | 0x00c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c70000 | 0x00c70000 | 0x00c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c80000 | 0x00c80000 | 0x00c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c90000 | 0x00c90000 | 0x00c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ca0000 | 0x00ca0000 | 0x00ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cb0000 | 0x00cb0000 | 0x00cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cc0000 | 0x00cc0000 | 0x00cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cd0000 | 0x00cd0000 | 0x00cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ce0000 | 0x00ce0000 | 0x00ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cf0000 | 0x00cf0000 | 0x00cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d00000 | 0x00d00000 | 0x00d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d10000 | 0x00d10000 | 0x00d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d20000 | 0x00d20000 | 0x00d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d30000 | 0x00d30000 | 0x00d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d40000 | 0x00d40000 | 0x00d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d50000 | 0x00d50000 | 0x00d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d60000 | 0x00d60000 | 0x00d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d70000 | 0x00d70000 | 0x00d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d80000 | 0x00d80000 | 0x00d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d90000 | 0x00d90000 | 0x00d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000da0000 | 0x00da0000 | 0x00da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000db0000 | 0x00db0000 | 0x00db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dc0000 | 0x00dc0000 | 0x00dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dd0000 | 0x00dd0000 | 0x00dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000de0000 | 0x00de0000 | 0x00de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000df0000 | 0x00df0000 | 0x00df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e00000 | 0x00e00000 | 0x00e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e10000 | 0x00e10000 | 0x00e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e20000 | 0x00e20000 | 0x00e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e30000 | 0x00e30000 | 0x00e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e40000 | 0x00e40000 | 0x00e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e50000 | 0x00e50000 | 0x00e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e60000 | 0x00e60000 | 0x00e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e70000 | 0x00e70000 | 0x00e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e80000 | 0x00e80000 | 0x00e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e90000 | 0x00e90000 | 0x00e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ea0000 | 0x00ea0000 | 0x00ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000eb0000 | 0x00eb0000 | 0x00eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ec0000 | 0x00ec0000 | 0x00ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ed0000 | 0x00ed0000 | 0x00ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ee0000 | 0x00ee0000 | 0x00ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ef0000 | 0x00ef0000 | 0x00ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f00000 | 0x00f00000 | 0x00f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f10000 | 0x00f10000 | 0x00f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f20000 | 0x00f20000 | 0x00f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f30000 | 0x00f30000 | 0x00f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f40000 | 0x00f40000 | 0x00f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f50000 | 0x00f50000 | 0x00f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f60000 | 0x00f60000 | 0x00f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f70000 | 0x00f70000 | 0x00f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f80000 | 0x00f80000 | 0x00f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f90000 | 0x00f90000 | 0x00f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fa0000 | 0x00fa0000 | 0x00fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fb0000 | 0x00fb0000 | 0x00fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fc0000 | 0x00fc0000 | 0x00fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fd0000 | 0x00fd0000 | 0x00fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fe0000 | 0x00fe0000 | 0x00fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ff0000 | 0x00ff0000 | 0x00ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001000000 | 0x01000000 | 0x01000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001010000 | 0x01010000 | 0x01010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001020000 | 0x01020000 | 0x01020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001030000 | 0x01030000 | 0x01030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001040000 | 0x01040000 | 0x01040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001050000 | 0x01050000 | 0x01050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001060000 | 0x01060000 | 0x01060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001070000 | 0x01070000 | 0x01070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001080000 | 0x01080000 | 0x01080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001090000 | 0x01090000 | 0x01090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010a0000 | 0x010a0000 | 0x010a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010b0000 | 0x010b0000 | 0x010b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010c0000 | 0x010c0000 | 0x010c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010d0000 | 0x010d0000 | 0x010d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010e0000 | 0x010e0000 | 0x010e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f959000 | 0x7f959000 | 0x7f959fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x00000020eb9a0000 | 0x20eb9a0000 | 0x20eb9bffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000020eb9c0000 | 0x20eb9c0000 | 0x20eb9d3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000020eb9e0000 | 0x20eb9e0000 | 0x20ebadffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000020ebae0000 | 0x20ebae0000 | 0x20ebae3fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x00000020ebaf0000 | 0x20ebaf0000 | 0x20ebaf0fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000020ebb00000 | 0x20ebb00000 | 0x20ebb01fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff160000 | 0x7df5ff160000 | 0x7ff5ff15ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fcce0000 | 0x7ff7fcce0000 | 0x7ff7fcd02fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fcd0d000 | 0x7ff7fcd0d000 | 0x7ff7fcd0efff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fcd0f000 | 0x7ff7fcd0f000 | 0x7ff7fcd0ffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0x9a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0x9b0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0x9c0000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0x9d0000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0x9e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0x9f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xa00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xa10000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xa20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xa30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xa40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xa50000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xa60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xa70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xa80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xa90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xaa0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xab0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xac0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xad0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xae0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xaf0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xb10000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xb20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xb30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xb40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xb50000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xb60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xb70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xb80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xb90000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xba0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xbb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xbc0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xbd0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xbe0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xbf0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xc10000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xc20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xc30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xc40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xc50000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xc60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xc70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xc90000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xca0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xcb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xcc0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xcd0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xce0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xcf0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xd00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xd10000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xd20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xd30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xd40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xd50000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xd60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xd70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xd80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xd90000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xda0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xdb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xdc0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xdd0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xde0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xdf0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xe00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xe10000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xe20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xe30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xe40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xe50000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xe60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xe70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xe80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xe90000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xea0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xeb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xec0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xed0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xee0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xef0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xf00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xf10000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xf20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xf30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xf40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xf50000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xf60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xf70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xf80000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xf90000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xfa0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xfb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xfc0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xfd0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xfe0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0xff0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0x1000000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0x1010000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0x1020000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0x1030000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0x1050000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0x1060000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0x1070000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0x1080000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0x1090000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0x10a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0x10b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0x10c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0x10d0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13bc | address = 0x10e0000, size = 13 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #52 / 0xd40 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:01:54, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:41 |
| OS Thread IDs | #491 0xD08 #492 0xD3C |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0xd40 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1060, os_pid = 0x1064, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x1064, proc_address = 0xb30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 19 | | 1 | |
| MEM | ALLOC | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1064, proc_address = 0xb70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1064, proc_address = 0xbb0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1064, proc_address = 0xbf0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1064, proc_address = 0xc30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1064, proc_address = 0xc70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1064, proc_address = 0xcb0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1064, proc_address = 0xcf0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1064, proc_address = 0xd30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1064, proc_address = 0xd70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1064, proc_address = 0xdb0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1064, proc_address = 0xdf0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1064, proc_address = 0xe30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1064, proc_address = 0xe70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1064, proc_address = 0xeb0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1064, proc_address = 0xef0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1064, proc_address = 0xf30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1064, proc_address = 0xf70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1064, proc_address = 0xfb0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 25 | | 1 | |
| MEM | ALLOC | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1064, proc_address = 0xff0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1064, proc_address = 0x1030000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1064, proc_address = 0x1070000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1064, proc_address = 0x10b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1064, proc_address = 0x10f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1064, proc_address = 0x1130000, flags = THREAD_RUNS_IMMEDIATELY | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #53 / 0xd38 |
| OS Parent PID | 0x13cc (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:01:55, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:40 |
| OS Thread IDs | #493 0x1028 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000800000 | 0x00800000 | 0x00800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000810000 | 0x00810000 | 0x00810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000820000 | 0x00820000 | 0x00820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000830000 | 0x00830000 | 0x00830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000840000 | 0x00840000 | 0x00840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000850000 | 0x00850000 | 0x00850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000860000 | 0x00860000 | 0x00860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000870000 | 0x00870000 | 0x00870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000880000 | 0x00880000 | 0x00880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000890000 | 0x00890000 | 0x00890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008a0000 | 0x008a0000 | 0x008a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008b0000 | 0x008b0000 | 0x008b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008c0000 | 0x008c0000 | 0x008c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008d0000 | 0x008d0000 | 0x008d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008e0000 | 0x008e0000 | 0x008e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008f0000 | 0x008f0000 | 0x008f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000900000 | 0x00900000 | 0x00900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000910000 | 0x00910000 | 0x00910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000920000 | 0x00920000 | 0x00920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000930000 | 0x00930000 | 0x00930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000940000 | 0x00940000 | 0x00940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000950000 | 0x00950000 | 0x00950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000960000 | 0x00960000 | 0x00960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000970000 | 0x00970000 | 0x00970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000980000 | 0x00980000 | 0x00980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000990000 | 0x00990000 | 0x00990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009a0000 | 0x009a0000 | 0x009a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009b0000 | 0x009b0000 | 0x009b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009c0000 | 0x009c0000 | 0x009c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009d0000 | 0x009d0000 | 0x009d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009e0000 | 0x009e0000 | 0x009e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009f0000 | 0x009f0000 | 0x009f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a00000 | 0x00a00000 | 0x00a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a10000 | 0x00a10000 | 0x00a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a20000 | 0x00a20000 | 0x00a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a30000 | 0x00a30000 | 0x00a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a40000 | 0x00a40000 | 0x00a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a50000 | 0x00a50000 | 0x00a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a60000 | 0x00a60000 | 0x00a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a70000 | 0x00a70000 | 0x00a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a80000 | 0x00a80000 | 0x00a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a90000 | 0x00a90000 | 0x00a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000aa0000 | 0x00aa0000 | 0x00aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ab0000 | 0x00ab0000 | 0x00ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ac0000 | 0x00ac0000 | 0x00ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ad0000 | 0x00ad0000 | 0x00ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ae0000 | 0x00ae0000 | 0x00ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000af0000 | 0x00af0000 | 0x00af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b00000 | 0x00b00000 | 0x00b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b10000 | 0x00b10000 | 0x00b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b20000 | 0x00b20000 | 0x00b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b30000 | 0x00b30000 | 0x00b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b40000 | 0x00b40000 | 0x00b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b50000 | 0x00b50000 | 0x00b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b60000 | 0x00b60000 | 0x00b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b70000 | 0x00b70000 | 0x00b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b80000 | 0x00b80000 | 0x00b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b90000 | 0x00b90000 | 0x00b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ba0000 | 0x00ba0000 | 0x00ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bb0000 | 0x00bb0000 | 0x00bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bc0000 | 0x00bc0000 | 0x00bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bd0000 | 0x00bd0000 | 0x00bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000be0000 | 0x00be0000 | 0x00be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bf0000 | 0x00bf0000 | 0x00bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c00000 | 0x00c00000 | 0x00c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c10000 | 0x00c10000 | 0x00c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c20000 | 0x00c20000 | 0x00c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c30000 | 0x00c30000 | 0x00c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c40000 | 0x00c40000 | 0x00c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c50000 | 0x00c50000 | 0x00c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c60000 | 0x00c60000 | 0x00c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c70000 | 0x00c70000 | 0x00c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c80000 | 0x00c80000 | 0x00c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c90000 | 0x00c90000 | 0x00c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ca0000 | 0x00ca0000 | 0x00ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cb0000 | 0x00cb0000 | 0x00cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cc0000 | 0x00cc0000 | 0x00cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cd0000 | 0x00cd0000 | 0x00cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ce0000 | 0x00ce0000 | 0x00ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cf0000 | 0x00cf0000 | 0x00cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d00000 | 0x00d00000 | 0x00d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d10000 | 0x00d10000 | 0x00d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d20000 | 0x00d20000 | 0x00d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d30000 | 0x00d30000 | 0x00d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d40000 | 0x00d40000 | 0x00d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d50000 | 0x00d50000 | 0x00d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d60000 | 0x00d60000 | 0x00d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d70000 | 0x00d70000 | 0x00d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d80000 | 0x00d80000 | 0x00d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d90000 | 0x00d90000 | 0x00d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000da0000 | 0x00da0000 | 0x00da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000db0000 | 0x00db0000 | 0x00db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dc0000 | 0x00dc0000 | 0x00dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dd0000 | 0x00dd0000 | 0x00dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000de0000 | 0x00de0000 | 0x00de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000df0000 | 0x00df0000 | 0x00df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e00000 | 0x00e00000 | 0x00e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e10000 | 0x00e10000 | 0x00e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e20000 | 0x00e20000 | 0x00e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e30000 | 0x00e30000 | 0x00e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e40000 | 0x00e40000 | 0x00e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e50000 | 0x00e50000 | 0x00e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e60000 | 0x00e60000 | 0x00e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e70000 | 0x00e70000 | 0x00e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e80000 | 0x00e80000 | 0x00e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e90000 | 0x00e90000 | 0x00e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ea0000 | 0x00ea0000 | 0x00ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000eb0000 | 0x00eb0000 | 0x00eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ec0000 | 0x00ec0000 | 0x00ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ed0000 | 0x00ed0000 | 0x00ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ee0000 | 0x00ee0000 | 0x00ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ef0000 | 0x00ef0000 | 0x00ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f00000 | 0x00f00000 | 0x00f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f10000 | 0x00f10000 | 0x00f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f20000 | 0x00f20000 | 0x00f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f30000 | 0x00f30000 | 0x00f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f40000 | 0x00f40000 | 0x00f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f50000 | 0x00f50000 | 0x00f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f60000 | 0x00f60000 | 0x00f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f70000 | 0x00f70000 | 0x00f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f80000 | 0x00f80000 | 0x00f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f90000 | 0x00f90000 | 0x00f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fa0000 | 0x00fa0000 | 0x00fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fb0000 | 0x00fb0000 | 0x00fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fc0000 | 0x00fc0000 | 0x00fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fd0000 | 0x00fd0000 | 0x00fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fe0000 | 0x00fe0000 | 0x00fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ff0000 | 0x00ff0000 | 0x00ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007fe52000 | 0x7fe52000 | 0x7fe52fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x0000004218800000 | 0x4218800000 | 0x421881ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000004218820000 | 0x4218820000 | 0x4218833fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000004218840000 | 0x4218840000 | 0x421893ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000004218940000 | 0x4218940000 | 0x4218943fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000004218950000 | 0x4218950000 | 0x4218950fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000004218960000 | 0x4218960000 | 0x4218961fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff600000 | 0x7df5ff600000 | 0x7ff5ff5fffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fcc30000 | 0x7ff7fcc30000 | 0x7ff7fcc52fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fcc5d000 | 0x7ff7fcc5d000 | 0x7ff7fcc5efff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fcc5f000 | 0x7ff7fcc5f000 | 0x7ff7fcc5ffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x800000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x810000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x820000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x830000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x840000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x850000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x860000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x870000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x880000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x890000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x8a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x8b0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x8c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x8d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x8e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x8f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x900000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x910000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x920000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x930000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x940000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x950000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x960000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x970000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x980000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x990000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x9a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x9b0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x9c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x9d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x9e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0x9f0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xa00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xa10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xa20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xa30000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xa40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xa50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xa60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xa70000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xa80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xa90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xaa0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xab0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xac0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xae0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xaf0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xb00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xb10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xb20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xb30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xb40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xb50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xb60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xb70000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xb80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xb90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xba0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xbb0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xbd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xbe0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xbf0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xc10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xc20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xc30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xc40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xc50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xc60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xc70000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xc80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xc90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xca0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xcb0000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xcc0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xcd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xcf0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xd00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xd10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xd20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xd30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xd40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xd50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xd60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xd70000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xd80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xd90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xda0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xdb0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xdc0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xdd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xde0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xdf0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xe00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xe10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xe20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xe30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xe40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xe50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xe60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xe70000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xe80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xe90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xea0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xeb0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xec0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xed0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xef0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xf00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xf10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xf20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xf30000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xf40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xf50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xf60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xf70000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xf80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xf90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xfa0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xfb0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xfc0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xfd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xfe0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13d0 | address = 0xff0000, size = 12 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #54 / 0x102c |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:01:56, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:39 |
| OS Thread IDs | #494 0x6D0 #496 0x4AC |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x102c | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x244, os_pid = 0x688, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0x260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x688, proc_address = 0x280000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x2a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x2b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x2c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x688, proc_address = 0x2c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x2d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x2e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x2f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x688, proc_address = 0x300000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x688, proc_address = 0x340000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x688, proc_address = 0x380000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x3a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x3b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x3c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x688, proc_address = 0x3c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x3d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x3e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x3f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x688, proc_address = 0x400000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x688, proc_address = 0x440000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x688, proc_address = 0x480000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x4a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x4b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x4c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x688, proc_address = 0x4c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x4d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x4e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x4f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x688, proc_address = 0x500000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x688, proc_address = 0x540000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x688, proc_address = 0x580000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x5a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x5b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x5c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x688, proc_address = 0x5c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x5d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x5e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x5f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x688, proc_address = 0x600000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x688, proc_address = 0x640000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x688, proc_address = 0x680000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x688, proc_address = 0x6c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x688, proc_address = 0x700000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 25 | | 1 | |
| MEM | ALLOC | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x688, proc_address = 0x740000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x688, proc_address = 0x780000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x7b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x7c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x688, proc_address = 0x7c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x7d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x7e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x7f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x688, proc_address = 0x800000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x688, proc_address = 0x840000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x688, size = 142 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #55 / 0x434 |
| OS Parent PID | 0x13d8 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:01:56, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:39 |
| OS Thread IDs | #495 0xA70 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x00000000002e0000 | 0x002e0000 | 0x002e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002f0000 | 0x002f0000 | 0x002f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000300000 | 0x00300000 | 0x00300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000310000 | 0x00310000 | 0x00310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000320000 | 0x00320000 | 0x00320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000330000 | 0x00330000 | 0x00330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000340000 | 0x00340000 | 0x00340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000350000 | 0x00350000 | 0x00350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000360000 | 0x00360000 | 0x00360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000370000 | 0x00370000 | 0x00370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000380000 | 0x00380000 | 0x00380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000390000 | 0x00390000 | 0x00390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003a0000 | 0x003a0000 | 0x003a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003b0000 | 0x003b0000 | 0x003b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003c0000 | 0x003c0000 | 0x003c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003d0000 | 0x003d0000 | 0x003d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003e0000 | 0x003e0000 | 0x003e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003f0000 | 0x003f0000 | 0x003f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000400000 | 0x00400000 | 0x00400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000410000 | 0x00410000 | 0x00410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000420000 | 0x00420000 | 0x00420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000430000 | 0x00430000 | 0x00430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000440000 | 0x00440000 | 0x00440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000450000 | 0x00450000 | 0x00450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000460000 | 0x00460000 | 0x00460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000470000 | 0x00470000 | 0x00470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000480000 | 0x00480000 | 0x00480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000490000 | 0x00490000 | 0x00490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004a0000 | 0x004a0000 | 0x004a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004b0000 | 0x004b0000 | 0x004b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004c0000 | 0x004c0000 | 0x004c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004d0000 | 0x004d0000 | 0x004d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004e0000 | 0x004e0000 | 0x004e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004f0000 | 0x004f0000 | 0x004f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000500000 | 0x00500000 | 0x00500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000510000 | 0x00510000 | 0x00510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000520000 | 0x00520000 | 0x00520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000530000 | 0x00530000 | 0x00530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000540000 | 0x00540000 | 0x00540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000550000 | 0x00550000 | 0x00550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000560000 | 0x00560000 | 0x00560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000570000 | 0x00570000 | 0x00570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000580000 | 0x00580000 | 0x00580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000590000 | 0x00590000 | 0x00590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005a0000 | 0x005a0000 | 0x005a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005b0000 | 0x005b0000 | 0x005b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005c0000 | 0x005c0000 | 0x005c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005d0000 | 0x005d0000 | 0x005d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005e0000 | 0x005e0000 | 0x005e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005f0000 | 0x005f0000 | 0x005f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000600000 | 0x00600000 | 0x00600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000610000 | 0x00610000 | 0x00610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000620000 | 0x00620000 | 0x00620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000630000 | 0x00630000 | 0x00630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000640000 | 0x00640000 | 0x00640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000650000 | 0x00650000 | 0x00650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000660000 | 0x00660000 | 0x00660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000670000 | 0x00670000 | 0x00670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000680000 | 0x00680000 | 0x00680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000690000 | 0x00690000 | 0x00690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006a0000 | 0x006a0000 | 0x006a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006b0000 | 0x006b0000 | 0x006b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006c0000 | 0x006c0000 | 0x006c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006d0000 | 0x006d0000 | 0x006d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006e0000 | 0x006e0000 | 0x006e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006f0000 | 0x006f0000 | 0x006f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000700000 | 0x00700000 | 0x00700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000710000 | 0x00710000 | 0x00710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000720000 | 0x00720000 | 0x00720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000730000 | 0x00730000 | 0x00730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000740000 | 0x00740000 | 0x00740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000750000 | 0x00750000 | 0x00750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000760000 | 0x00760000 | 0x00760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000770000 | 0x00770000 | 0x00770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000780000 | 0x00780000 | 0x00780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000790000 | 0x00790000 | 0x00790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007a0000 | 0x007a0000 | 0x007a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007b0000 | 0x007b0000 | 0x007b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007c0000 | 0x007c0000 | 0x007c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007d0000 | 0x007d0000 | 0x007d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007e0000 | 0x007e0000 | 0x007e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007f0000 | 0x007f0000 | 0x007f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000800000 | 0x00800000 | 0x00800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000810000 | 0x00810000 | 0x00810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000820000 | 0x00820000 | 0x00820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000830000 | 0x00830000 | 0x00830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000840000 | 0x00840000 | 0x00840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000850000 | 0x00850000 | 0x00850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000860000 | 0x00860000 | 0x00860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000870000 | 0x00870000 | 0x00870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000880000 | 0x00880000 | 0x00880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000890000 | 0x00890000 | 0x00890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008a0000 | 0x008a0000 | 0x008a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008b0000 | 0x008b0000 | 0x008b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008c0000 | 0x008c0000 | 0x008c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008d0000 | 0x008d0000 | 0x008d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008e0000 | 0x008e0000 | 0x008e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008f0000 | 0x008f0000 | 0x008f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000900000 | 0x00900000 | 0x00900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000910000 | 0x00910000 | 0x00910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000920000 | 0x00920000 | 0x00920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000930000 | 0x00930000 | 0x00930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000940000 | 0x00940000 | 0x00940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000950000 | 0x00950000 | 0x00950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000960000 | 0x00960000 | 0x00960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000970000 | 0x00970000 | 0x00970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000980000 | 0x00980000 | 0x00980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000990000 | 0x00990000 | 0x00990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009a0000 | 0x009a0000 | 0x009a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f347000 | 0x7f347000 | 0x7f347fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x00000021c92e0000 | 0x21c92e0000 | 0x21c92fffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000021c9300000 | 0x21c9300000 | 0x21c9313fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000021c9320000 | 0x21c9320000 | 0x21c941ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000021c9420000 | 0x21c9420000 | 0x21c9423fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x00000021c9430000 | 0x21c9430000 | 0x21c9430fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000021c9440000 | 0x21c9440000 | 0x21c9441fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df600000000 | 0x7df600000000 | 0x7ff5ffffffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fc7c0000 | 0x7ff7fc7c0000 | 0x7ff7fc7e2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fc7ec000 | 0x7ff7fc7ec000 | 0x7ff7fc7ecfff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fc7ee000 | 0x7ff7fc7ee000 | 0x7ff7fc7effff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x2e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x2f0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x300000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x310000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x320000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x330000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x340000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x350000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x360000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x370000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x380000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x390000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x3a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x3b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x3c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x3d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x3e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x3f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x400000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x410000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x420000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x430000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x440000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x450000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x460000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x470000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x480000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x490000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x4a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x4b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x4c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x4d0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x4e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x4f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x510000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x520000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x530000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x540000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x550000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x560000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x570000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x580000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x590000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x5b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x5c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x5d0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x5e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x5f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x600000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x610000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x620000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x630000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x640000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x650000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x660000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x670000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x680000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x690000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x6a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x6b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x6c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x6d0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x6e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x6f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x700000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x710000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x720000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x730000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x740000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x750000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x760000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x770000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x780000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x790000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x7a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x7c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x7d0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x7e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x7f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x810000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x820000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x830000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x840000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x850000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x860000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x870000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x880000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x890000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x8a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x8b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x8c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x8d0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x8e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x8f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x910000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x920000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x940000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x950000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x960000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x970000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x980000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x990000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13dc | address = 0x9a0000, size = 13 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #56 / 0x404 |
| OS Parent PID | 0x13ec (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:01:57, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:38 |
| OS Thread IDs | #497 0x604 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000ef0000 | 0x00ef0000 | 0x00ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f00000 | 0x00f00000 | 0x00f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f10000 | 0x00f10000 | 0x00f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f20000 | 0x00f20000 | 0x00f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f30000 | 0x00f30000 | 0x00f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f40000 | 0x00f40000 | 0x00f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f50000 | 0x00f50000 | 0x00f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f60000 | 0x00f60000 | 0x00f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f70000 | 0x00f70000 | 0x00f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f80000 | 0x00f80000 | 0x00f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f90000 | 0x00f90000 | 0x00f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fa0000 | 0x00fa0000 | 0x00fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fb0000 | 0x00fb0000 | 0x00fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fc0000 | 0x00fc0000 | 0x00fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fd0000 | 0x00fd0000 | 0x00fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fe0000 | 0x00fe0000 | 0x00fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ff0000 | 0x00ff0000 | 0x00ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001000000 | 0x01000000 | 0x01000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001010000 | 0x01010000 | 0x01010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001020000 | 0x01020000 | 0x01020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001030000 | 0x01030000 | 0x01030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001040000 | 0x01040000 | 0x01040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001050000 | 0x01050000 | 0x01050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001060000 | 0x01060000 | 0x01060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001070000 | 0x01070000 | 0x01070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001080000 | 0x01080000 | 0x01080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001090000 | 0x01090000 | 0x01090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010a0000 | 0x010a0000 | 0x010a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010b0000 | 0x010b0000 | 0x010b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010c0000 | 0x010c0000 | 0x010c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010d0000 | 0x010d0000 | 0x010d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010e0000 | 0x010e0000 | 0x010e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010f0000 | 0x010f0000 | 0x010f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001100000 | 0x01100000 | 0x01100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001110000 | 0x01110000 | 0x01110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001120000 | 0x01120000 | 0x01120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001130000 | 0x01130000 | 0x01130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001140000 | 0x01140000 | 0x01140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001150000 | 0x01150000 | 0x01150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001160000 | 0x01160000 | 0x01160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001170000 | 0x01170000 | 0x01170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001180000 | 0x01180000 | 0x01180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001190000 | 0x01190000 | 0x01190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011a0000 | 0x011a0000 | 0x011a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011b0000 | 0x011b0000 | 0x011b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011c0000 | 0x011c0000 | 0x011c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011d0000 | 0x011d0000 | 0x011d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011e0000 | 0x011e0000 | 0x011e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011f0000 | 0x011f0000 | 0x011f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001200000 | 0x01200000 | 0x01200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001210000 | 0x01210000 | 0x01210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001220000 | 0x01220000 | 0x01220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001230000 | 0x01230000 | 0x01230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001240000 | 0x01240000 | 0x01240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001250000 | 0x01250000 | 0x01250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001260000 | 0x01260000 | 0x01260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001270000 | 0x01270000 | 0x01270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001280000 | 0x01280000 | 0x01280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001290000 | 0x01290000 | 0x01290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012a0000 | 0x012a0000 | 0x012a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012b0000 | 0x012b0000 | 0x012b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012c0000 | 0x012c0000 | 0x012c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012d0000 | 0x012d0000 | 0x012d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012e0000 | 0x012e0000 | 0x012e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012f0000 | 0x012f0000 | 0x012f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001300000 | 0x01300000 | 0x01300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001310000 | 0x01310000 | 0x01310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001320000 | 0x01320000 | 0x01320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001330000 | 0x01330000 | 0x01330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001340000 | 0x01340000 | 0x01340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001350000 | 0x01350000 | 0x01350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001360000 | 0x01360000 | 0x01360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001370000 | 0x01370000 | 0x01370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001380000 | 0x01380000 | 0x01380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001390000 | 0x01390000 | 0x01390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013a0000 | 0x013a0000 | 0x013a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013b0000 | 0x013b0000 | 0x013b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013c0000 | 0x013c0000 | 0x013c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013d0000 | 0x013d0000 | 0x013d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013e0000 | 0x013e0000 | 0x013e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013f0000 | 0x013f0000 | 0x013f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001400000 | 0x01400000 | 0x01400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001410000 | 0x01410000 | 0x01410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001420000 | 0x01420000 | 0x01420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001430000 | 0x01430000 | 0x01430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001440000 | 0x01440000 | 0x01440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001450000 | 0x01450000 | 0x01450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001460000 | 0x01460000 | 0x01460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001470000 | 0x01470000 | 0x01470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001480000 | 0x01480000 | 0x01480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001490000 | 0x01490000 | 0x01490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014a0000 | 0x014a0000 | 0x014a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014b0000 | 0x014b0000 | 0x014b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014c0000 | 0x014c0000 | 0x014c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014d0000 | 0x014d0000 | 0x014d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014e0000 | 0x014e0000 | 0x014e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000014f0000 | 0x014f0000 | 0x014f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001500000 | 0x01500000 | 0x01500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001510000 | 0x01510000 | 0x01510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001520000 | 0x01520000 | 0x01520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001530000 | 0x01530000 | 0x01530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001540000 | 0x01540000 | 0x01540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001550000 | 0x01550000 | 0x01550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001560000 | 0x01560000 | 0x01560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001570000 | 0x01570000 | 0x01570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001580000 | 0x01580000 | 0x01580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001590000 | 0x01590000 | 0x01590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015a0000 | 0x015a0000 | 0x015a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015b0000 | 0x015b0000 | 0x015b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015c0000 | 0x015c0000 | 0x015c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015d0000 | 0x015d0000 | 0x015d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015e0000 | 0x015e0000 | 0x015e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000015f0000 | 0x015f0000 | 0x015f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001600000 | 0x01600000 | 0x01600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001610000 | 0x01610000 | 0x01610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f9cf000 | 0x7f9cf000 | 0x7f9cffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000b3b2ef0000 | 0xb3b2ef0000 | 0xb3b2f0ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000b3b2f10000 | 0xb3b2f10000 | 0xb3b2f23fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000b3b2f30000 | 0xb3b2f30000 | 0xb3b302ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000b3b3030000 | 0xb3b3030000 | 0xb3b3033fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000b3b3040000 | 0xb3b3040000 | 0xb3b3040fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000b3b3050000 | 0xb3b3050000 | 0xb3b3051fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff8d0000 | 0x7df5ff8d0000 | 0x7ff5ff8cffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fc6f0000 | 0x7ff7fc6f0000 | 0x7ff7fc712fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fc714000 | 0x7ff7fc714000 | 0x7ff7fc714fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fc71e000 | 0x7ff7fc71e000 | 0x7ff7fc71ffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0xef0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0xf00000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0xf10000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0xf20000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0xf30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0xf40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0xf50000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0xf60000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0xf70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0xf80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0xf90000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0xfa0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0xfb0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0xfc0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0xfd0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0xfe0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0xff0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1000000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1010000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1020000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1030000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1040000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1050000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1060000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1070000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1080000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1090000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x10a0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x10b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x10c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x10d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x10e0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x10f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1100000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1110000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1120000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1130000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1140000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1150000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1160000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1170000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1180000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1190000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x11a0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x11b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x11c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x11d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x11f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1200000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1210000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1230000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1240000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1250000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1260000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1270000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1280000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1290000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x12a0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x12b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x12c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x12d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x12e0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x12f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1300000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1310000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1320000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1330000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1340000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1350000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1360000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1370000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1380000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1390000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x13a0000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x13b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x13c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x13d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x13e0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x13f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1400000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1410000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1420000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1430000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1440000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1450000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1460000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1470000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1480000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1490000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x14a0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x14b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x14c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x14d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x14e0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x14f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1500000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1520000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1530000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1540000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1560000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1570000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1580000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1590000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x15a0000, size = 14 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x15b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x15c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x15d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x15e0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x15f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1600000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x13f0 | address = 0x1610000, size = 142 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #57 / 0x7f4 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:01:57, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:38 |
| OS Thread IDs | #498 0xBC8 #499 0xA20 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x7f4 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x654, os_pid = 0x70c, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x70c, proc_address = 0xe20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 19 | | 1 | |
| MEM | ALLOC | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x70c, proc_address = 0xe60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x70c, proc_address = 0xea0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x70c, proc_address = 0xee0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x70c, proc_address = 0xf20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x70c, proc_address = 0xf60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x70c, proc_address = 0xfa0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x70c, proc_address = 0xfe0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x70c, proc_address = 0x1020000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x70c, proc_address = 0x1060000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x70c, proc_address = 0x10a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x70c, proc_address = 0x10e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x70c, proc_address = 0x1120000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x70c, proc_address = 0x1160000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x70c, proc_address = 0x11a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x70c, proc_address = 0x11e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x11f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x70c, proc_address = 0x1220000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x70c, proc_address = 0x1260000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x1280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x12a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x70c, proc_address = 0x12a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x12b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 25 | | 1 | |
| MEM | ALLOC | address = 0x12c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x12d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x12e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x70c, proc_address = 0x12e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x12f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x1300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x70c, proc_address = 0x1320000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x70c, proc_address = 0x1360000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x1380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x13a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x70c, proc_address = 0x13a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x13b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x13c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x13d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x13e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x70c, proc_address = 0x13e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x13f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x1400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x70c, proc_address = 0x1420000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x70c, size = 13 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #58 / 0x1064 |
| OS Parent PID | 0xd40 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:01:58, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:37 |
| OS Thread IDs | #500 0x1060 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000b10000 | 0x00b10000 | 0x00b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b20000 | 0x00b20000 | 0x00b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b30000 | 0x00b30000 | 0x00b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b40000 | 0x00b40000 | 0x00b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b50000 | 0x00b50000 | 0x00b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b60000 | 0x00b60000 | 0x00b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b70000 | 0x00b70000 | 0x00b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b80000 | 0x00b80000 | 0x00b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b90000 | 0x00b90000 | 0x00b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ba0000 | 0x00ba0000 | 0x00ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bb0000 | 0x00bb0000 | 0x00bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bc0000 | 0x00bc0000 | 0x00bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bd0000 | 0x00bd0000 | 0x00bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000be0000 | 0x00be0000 | 0x00be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bf0000 | 0x00bf0000 | 0x00bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c00000 | 0x00c00000 | 0x00c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c10000 | 0x00c10000 | 0x00c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c20000 | 0x00c20000 | 0x00c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c30000 | 0x00c30000 | 0x00c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c40000 | 0x00c40000 | 0x00c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c50000 | 0x00c50000 | 0x00c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c60000 | 0x00c60000 | 0x00c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c70000 | 0x00c70000 | 0x00c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c80000 | 0x00c80000 | 0x00c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c90000 | 0x00c90000 | 0x00c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ca0000 | 0x00ca0000 | 0x00ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cb0000 | 0x00cb0000 | 0x00cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cc0000 | 0x00cc0000 | 0x00cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cd0000 | 0x00cd0000 | 0x00cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ce0000 | 0x00ce0000 | 0x00ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cf0000 | 0x00cf0000 | 0x00cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d00000 | 0x00d00000 | 0x00d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d10000 | 0x00d10000 | 0x00d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d20000 | 0x00d20000 | 0x00d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d30000 | 0x00d30000 | 0x00d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d40000 | 0x00d40000 | 0x00d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d50000 | 0x00d50000 | 0x00d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d60000 | 0x00d60000 | 0x00d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d70000 | 0x00d70000 | 0x00d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d80000 | 0x00d80000 | 0x00d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d90000 | 0x00d90000 | 0x00d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000da0000 | 0x00da0000 | 0x00da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000db0000 | 0x00db0000 | 0x00db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dc0000 | 0x00dc0000 | 0x00dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dd0000 | 0x00dd0000 | 0x00dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000de0000 | 0x00de0000 | 0x00de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000df0000 | 0x00df0000 | 0x00df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e00000 | 0x00e00000 | 0x00e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e10000 | 0x00e10000 | 0x00e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e20000 | 0x00e20000 | 0x00e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e30000 | 0x00e30000 | 0x00e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e40000 | 0x00e40000 | 0x00e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e50000 | 0x00e50000 | 0x00e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e60000 | 0x00e60000 | 0x00e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e70000 | 0x00e70000 | 0x00e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e80000 | 0x00e80000 | 0x00e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e90000 | 0x00e90000 | 0x00e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ea0000 | 0x00ea0000 | 0x00ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000eb0000 | 0x00eb0000 | 0x00eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ec0000 | 0x00ec0000 | 0x00ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ed0000 | 0x00ed0000 | 0x00ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ee0000 | 0x00ee0000 | 0x00ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ef0000 | 0x00ef0000 | 0x00ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f00000 | 0x00f00000 | 0x00f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f10000 | 0x00f10000 | 0x00f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f20000 | 0x00f20000 | 0x00f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f30000 | 0x00f30000 | 0x00f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f40000 | 0x00f40000 | 0x00f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f50000 | 0x00f50000 | 0x00f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f60000 | 0x00f60000 | 0x00f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f70000 | 0x00f70000 | 0x00f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f80000 | 0x00f80000 | 0x00f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f90000 | 0x00f90000 | 0x00f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fa0000 | 0x00fa0000 | 0x00fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fb0000 | 0x00fb0000 | 0x00fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fc0000 | 0x00fc0000 | 0x00fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fd0000 | 0x00fd0000 | 0x00fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fe0000 | 0x00fe0000 | 0x00fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ff0000 | 0x00ff0000 | 0x00ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001000000 | 0x01000000 | 0x01000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001010000 | 0x01010000 | 0x01010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001020000 | 0x01020000 | 0x01020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001030000 | 0x01030000 | 0x01030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001040000 | 0x01040000 | 0x01040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001050000 | 0x01050000 | 0x01050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001060000 | 0x01060000 | 0x01060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001070000 | 0x01070000 | 0x01070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001080000 | 0x01080000 | 0x01080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001090000 | 0x01090000 | 0x01090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010a0000 | 0x010a0000 | 0x010a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010b0000 | 0x010b0000 | 0x010b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010c0000 | 0x010c0000 | 0x010c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010d0000 | 0x010d0000 | 0x010d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010e0000 | 0x010e0000 | 0x010e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010f0000 | 0x010f0000 | 0x010f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001100000 | 0x01100000 | 0x01100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001110000 | 0x01110000 | 0x01110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001120000 | 0x01120000 | 0x01120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001130000 | 0x01130000 | 0x01130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f4c7000 | 0x7f4c7000 | 0x7f4c7fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x0000002372b10000 | 0x2372b10000 | 0x2372b2ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000002372b30000 | 0x2372b30000 | 0x2372b43fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000002372b50000 | 0x2372b50000 | 0x2372c4ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000002372c50000 | 0x2372c50000 | 0x2372c53fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000002372c60000 | 0x2372c60000 | 0x2372c60fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000002372c70000 | 0x2372c70000 | 0x2372c71fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff8f0000 | 0x7df5ff8f0000 | 0x7ff5ff8effff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fd3c0000 | 0x7ff7fd3c0000 | 0x7ff7fd3e2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fd3eb000 | 0x7ff7fd3eb000 | 0x7ff7fd3ebfff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fd3ee000 | 0x7ff7fd3ee000 | 0x7ff7fd3effff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xb10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xb20000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xb30000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xb40000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xb50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xb60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xb70000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xb80000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xb90000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xba0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xbb0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xbc0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xbd0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xbe0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xbf0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xc00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xc10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xc20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xc30000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xc50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xc60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xc70000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xc80000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xc90000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xca0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xcb0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xcd0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xce0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xcf0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xd00000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xd10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xd20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xd30000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xd40000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xd50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xd60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xd70000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xd80000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xd90000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xda0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xdc0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xdd0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xde0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xe00000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xe10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xe20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xe30000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xe40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xe50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xe60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xe70000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xe80000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xe90000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xea0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xeb0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xec0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xed0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xee0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xef0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xf00000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xf10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xf20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xf40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xf50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xf60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xf70000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xf80000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xf90000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xfa0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xfb0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xfc0000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xfd0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xfe0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0xff0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0x1000000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0x1010000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0x1020000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0x1030000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0x1040000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0x1050000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0x1060000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0x1070000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0x1080000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0x1090000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0x10a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0x10b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0x10c0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0x10d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0x10e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0x10f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0x1100000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0x1110000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0x1120000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd08 | address = 0x1130000, size = 142 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #59 / 0x1058 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:01:58, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:37 |
| OS Thread IDs | #501 0x1078 #502 0x1040 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x1058 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1038, os_pid = 0xba0, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0xba0, proc_address = 0xdf0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 19 | | 1 | |
| MEM | ALLOC | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xba0, proc_address = 0xe30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xba0, proc_address = 0xe70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xea0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xeb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xba0, proc_address = 0xeb0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xec0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xed0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xee0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xef0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xba0, proc_address = 0xef0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xba0, proc_address = 0xf30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xba0, proc_address = 0xf70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xba0, proc_address = 0xfb0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xba0, proc_address = 0xff0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xba0, proc_address = 0x1030000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xba0, proc_address = 0x1070000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xba0, proc_address = 0x10b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xba0, proc_address = 0x10f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xba0, proc_address = 0x1130000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xba0, proc_address = 0x1170000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xba0, proc_address = 0x11b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x11f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xba0, proc_address = 0x11f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xba0, proc_address = 0x1230000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x1250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xba0, proc_address = 0x1270000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 25 | | 1 | |
| MEM | ALLOC | address = 0x1290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x12a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x12b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xba0, proc_address = 0x12b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x12c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x12d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x12e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x12f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xba0, proc_address = 0x12f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xba0, proc_address = 0x1330000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x1350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xba0, proc_address = 0x1370000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x1390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x13a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x13b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xba0, proc_address = 0x13b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x13c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x13d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x13e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x13f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xba0, proc_address = 0x13f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xba0, size = 13 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #60 / 0x688 |
| OS Parent PID | 0x102c (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:01:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:36 |
| OS Thread IDs | #503 0x244 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000260000 | 0x00260000 | 0x00260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000270000 | 0x00270000 | 0x00270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000280000 | 0x00280000 | 0x00280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000290000 | 0x00290000 | 0x00290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002a0000 | 0x002a0000 | 0x002a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002b0000 | 0x002b0000 | 0x002b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002c0000 | 0x002c0000 | 0x002c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002d0000 | 0x002d0000 | 0x002d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002e0000 | 0x002e0000 | 0x002e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002f0000 | 0x002f0000 | 0x002f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000300000 | 0x00300000 | 0x00300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000310000 | 0x00310000 | 0x00310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000320000 | 0x00320000 | 0x00320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000330000 | 0x00330000 | 0x00330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000340000 | 0x00340000 | 0x00340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000350000 | 0x00350000 | 0x00350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000360000 | 0x00360000 | 0x00360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000370000 | 0x00370000 | 0x00370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000380000 | 0x00380000 | 0x00380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000390000 | 0x00390000 | 0x00390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003a0000 | 0x003a0000 | 0x003a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003b0000 | 0x003b0000 | 0x003b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003c0000 | 0x003c0000 | 0x003c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003d0000 | 0x003d0000 | 0x003d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003e0000 | 0x003e0000 | 0x003e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003f0000 | 0x003f0000 | 0x003f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000400000 | 0x00400000 | 0x00400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000410000 | 0x00410000 | 0x00410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000420000 | 0x00420000 | 0x00420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000430000 | 0x00430000 | 0x00430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000440000 | 0x00440000 | 0x00440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000450000 | 0x00450000 | 0x00450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000460000 | 0x00460000 | 0x00460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000470000 | 0x00470000 | 0x00470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000480000 | 0x00480000 | 0x00480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000490000 | 0x00490000 | 0x00490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004a0000 | 0x004a0000 | 0x004a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004b0000 | 0x004b0000 | 0x004b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004c0000 | 0x004c0000 | 0x004c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004d0000 | 0x004d0000 | 0x004d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004e0000 | 0x004e0000 | 0x004e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004f0000 | 0x004f0000 | 0x004f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000500000 | 0x00500000 | 0x00500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000510000 | 0x00510000 | 0x00510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000520000 | 0x00520000 | 0x00520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000530000 | 0x00530000 | 0x00530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000540000 | 0x00540000 | 0x00540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000550000 | 0x00550000 | 0x00550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000560000 | 0x00560000 | 0x00560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000570000 | 0x00570000 | 0x00570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000580000 | 0x00580000 | 0x00580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000590000 | 0x00590000 | 0x00590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005a0000 | 0x005a0000 | 0x005a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005b0000 | 0x005b0000 | 0x005b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005c0000 | 0x005c0000 | 0x005c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005d0000 | 0x005d0000 | 0x005d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005e0000 | 0x005e0000 | 0x005e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005f0000 | 0x005f0000 | 0x005f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000600000 | 0x00600000 | 0x00600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000610000 | 0x00610000 | 0x00610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000620000 | 0x00620000 | 0x00620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000630000 | 0x00630000 | 0x00630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000640000 | 0x00640000 | 0x00640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000650000 | 0x00650000 | 0x00650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000660000 | 0x00660000 | 0x00660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000670000 | 0x00670000 | 0x00670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000680000 | 0x00680000 | 0x00680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000690000 | 0x00690000 | 0x00690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006a0000 | 0x006a0000 | 0x006a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006b0000 | 0x006b0000 | 0x006b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006c0000 | 0x006c0000 | 0x006c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006d0000 | 0x006d0000 | 0x006d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006e0000 | 0x006e0000 | 0x006e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006f0000 | 0x006f0000 | 0x006f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000700000 | 0x00700000 | 0x00700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000710000 | 0x00710000 | 0x00710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000720000 | 0x00720000 | 0x00720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000730000 | 0x00730000 | 0x00730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000740000 | 0x00740000 | 0x00740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000750000 | 0x00750000 | 0x00750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000760000 | 0x00760000 | 0x00760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000770000 | 0x00770000 | 0x00770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000780000 | 0x00780000 | 0x00780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000790000 | 0x00790000 | 0x00790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007a0000 | 0x007a0000 | 0x007a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007b0000 | 0x007b0000 | 0x007b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007c0000 | 0x007c0000 | 0x007c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007d0000 | 0x007d0000 | 0x007d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007e0000 | 0x007e0000 | 0x007e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007f0000 | 0x007f0000 | 0x007f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000800000 | 0x00800000 | 0x00800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000810000 | 0x00810000 | 0x00810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000820000 | 0x00820000 | 0x00820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000830000 | 0x00830000 | 0x00830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000840000 | 0x00840000 | 0x00840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000850000 | 0x00850000 | 0x00850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000860000 | 0x00860000 | 0x00860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000870000 | 0x00870000 | 0x00870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000880000 | 0x00880000 | 0x00880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f289000 | 0x7f289000 | 0x7f289fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000c4be260000 | 0xc4be260000 | 0xc4be27ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000c4be280000 | 0xc4be280000 | 0xc4be293fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000c4be2a0000 | 0xc4be2a0000 | 0xc4be39ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000c4be3a0000 | 0xc4be3a0000 | 0xc4be3a3fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000c4be3b0000 | 0xc4be3b0000 | 0xc4be3b0fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000c4be3c0000 | 0xc4be3c0000 | 0xc4be3c1fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff4e0000 | 0x7df5ff4e0000 | 0x7ff5ff4dffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fd1b0000 | 0x7ff7fd1b0000 | 0x7ff7fd1d2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fd1d6000 | 0x7ff7fd1d6000 | 0x7ff7fd1d6fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fd1de000 | 0x7ff7fd1de000 | 0x7ff7fd1dffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x260000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x270000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x280000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x290000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x2a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x2b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x2c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x2d0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x2e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x2f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x300000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x310000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x320000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x330000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x340000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x350000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x360000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x370000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x380000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x390000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x3a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x3b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x3c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x3d0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x3e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x3f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x400000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x410000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x420000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x430000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x440000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x450000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x460000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x470000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x480000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x490000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x4a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x4b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x4c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x4d0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x4e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x4f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x500000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x510000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x520000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x530000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x540000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x550000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x560000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x570000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x580000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x590000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x5a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x5b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x5c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x5d0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x5e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x5f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x600000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x610000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x620000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x630000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x640000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x650000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x660000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x670000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x680000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x690000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x6a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x6b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x6c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x6d0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x6e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x6f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x700000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x710000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x720000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x730000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x740000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x750000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x760000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x770000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x780000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x790000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x7a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x7b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x7c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x7d0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x7e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x7f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x800000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x810000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x820000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x830000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x840000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x850000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x860000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x6d0 | address = 0x870000, size = 20 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #61 / 0x510 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:02:00, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:35 |
| OS Thread IDs | #504 0x794 #505 0x630 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x510 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0xc60, os_pid = 0x1144, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0x430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x1144, proc_address = 0x450000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1144, proc_address = 0x490000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x4a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x4b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x4c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x4d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1144, proc_address = 0x4d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x4e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x4f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1144, proc_address = 0x510000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1144, proc_address = 0x550000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1144, proc_address = 0x590000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x5a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x5b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x5c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x5d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1144, proc_address = 0x5d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x5e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x5f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1144, proc_address = 0x610000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1144, proc_address = 0x650000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1144, proc_address = 0x690000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1144, proc_address = 0x6d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1144, proc_address = 0x710000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1144, proc_address = 0x750000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1144, proc_address = 0x790000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x7b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x7c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x7d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1144, proc_address = 0x7d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x7e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x7f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1144, proc_address = 0x810000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1144, proc_address = 0x850000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1144, proc_address = 0x890000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1144, proc_address = 0x8d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 25 | | 1 | |
| MEM | ALLOC | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1144, proc_address = 0x910000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1144, size = 20 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #62 / 0x70c |
| OS Parent PID | 0x7f4 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:02:01, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:34 |
| OS Thread IDs | #506 0x654 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000e00000 | 0x00e00000 | 0x00e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e10000 | 0x00e10000 | 0x00e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e20000 | 0x00e20000 | 0x00e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e30000 | 0x00e30000 | 0x00e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e40000 | 0x00e40000 | 0x00e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e50000 | 0x00e50000 | 0x00e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e60000 | 0x00e60000 | 0x00e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e70000 | 0x00e70000 | 0x00e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e80000 | 0x00e80000 | 0x00e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e90000 | 0x00e90000 | 0x00e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ea0000 | 0x00ea0000 | 0x00ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000eb0000 | 0x00eb0000 | 0x00eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ec0000 | 0x00ec0000 | 0x00ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ed0000 | 0x00ed0000 | 0x00ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ee0000 | 0x00ee0000 | 0x00ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ef0000 | 0x00ef0000 | 0x00ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f00000 | 0x00f00000 | 0x00f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f10000 | 0x00f10000 | 0x00f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f20000 | 0x00f20000 | 0x00f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f30000 | 0x00f30000 | 0x00f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f40000 | 0x00f40000 | 0x00f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f50000 | 0x00f50000 | 0x00f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f60000 | 0x00f60000 | 0x00f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f70000 | 0x00f70000 | 0x00f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f80000 | 0x00f80000 | 0x00f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f90000 | 0x00f90000 | 0x00f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fa0000 | 0x00fa0000 | 0x00fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fb0000 | 0x00fb0000 | 0x00fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fc0000 | 0x00fc0000 | 0x00fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fd0000 | 0x00fd0000 | 0x00fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fe0000 | 0x00fe0000 | 0x00fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ff0000 | 0x00ff0000 | 0x00ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001000000 | 0x01000000 | 0x01000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001010000 | 0x01010000 | 0x01010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001020000 | 0x01020000 | 0x01020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001030000 | 0x01030000 | 0x01030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001040000 | 0x01040000 | 0x01040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001050000 | 0x01050000 | 0x01050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001060000 | 0x01060000 | 0x01060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001070000 | 0x01070000 | 0x01070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001080000 | 0x01080000 | 0x01080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001090000 | 0x01090000 | 0x01090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010a0000 | 0x010a0000 | 0x010a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010b0000 | 0x010b0000 | 0x010b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010c0000 | 0x010c0000 | 0x010c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010d0000 | 0x010d0000 | 0x010d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010e0000 | 0x010e0000 | 0x010e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010f0000 | 0x010f0000 | 0x010f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001100000 | 0x01100000 | 0x01100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001110000 | 0x01110000 | 0x01110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001120000 | 0x01120000 | 0x01120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001130000 | 0x01130000 | 0x01130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001140000 | 0x01140000 | 0x01140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001150000 | 0x01150000 | 0x01150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001160000 | 0x01160000 | 0x01160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001170000 | 0x01170000 | 0x01170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001180000 | 0x01180000 | 0x01180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001190000 | 0x01190000 | 0x01190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011a0000 | 0x011a0000 | 0x011a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011b0000 | 0x011b0000 | 0x011b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011c0000 | 0x011c0000 | 0x011c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011d0000 | 0x011d0000 | 0x011d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011e0000 | 0x011e0000 | 0x011e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011f0000 | 0x011f0000 | 0x011f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001200000 | 0x01200000 | 0x01200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001210000 | 0x01210000 | 0x01210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001220000 | 0x01220000 | 0x01220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001230000 | 0x01230000 | 0x01230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001240000 | 0x01240000 | 0x01240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001250000 | 0x01250000 | 0x01250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001260000 | 0x01260000 | 0x01260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001270000 | 0x01270000 | 0x01270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001280000 | 0x01280000 | 0x01280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001290000 | 0x01290000 | 0x01290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012a0000 | 0x012a0000 | 0x012a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012b0000 | 0x012b0000 | 0x012b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012c0000 | 0x012c0000 | 0x012c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012d0000 | 0x012d0000 | 0x012d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012e0000 | 0x012e0000 | 0x012e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012f0000 | 0x012f0000 | 0x012f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001300000 | 0x01300000 | 0x01300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001310000 | 0x01310000 | 0x01310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001320000 | 0x01320000 | 0x01320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001330000 | 0x01330000 | 0x01330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001340000 | 0x01340000 | 0x01340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001350000 | 0x01350000 | 0x01350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001360000 | 0x01360000 | 0x01360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001370000 | 0x01370000 | 0x01370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001380000 | 0x01380000 | 0x01380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001390000 | 0x01390000 | 0x01390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013a0000 | 0x013a0000 | 0x013a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013b0000 | 0x013b0000 | 0x013b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013c0000 | 0x013c0000 | 0x013c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013d0000 | 0x013d0000 | 0x013d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013e0000 | 0x013e0000 | 0x013e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013f0000 | 0x013f0000 | 0x013f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001400000 | 0x01400000 | 0x01400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001410000 | 0x01410000 | 0x01410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001420000 | 0x01420000 | 0x01420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f904000 | 0x7f904000 | 0x7f904fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000d4cee00000 | 0xd4cee00000 | 0xd4cee1ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000d4cee20000 | 0xd4cee20000 | 0xd4cee33fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000d4cee40000 | 0xd4cee40000 | 0xd4cef3ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000d4cef40000 | 0xd4cef40000 | 0xd4cef43fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000d4cef50000 | 0xd4cef50000 | 0xd4cef50fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000d4cef60000 | 0xd4cef60000 | 0xd4cef61fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ffbf0000 | 0x7df5ffbf0000 | 0x7ff5ffbeffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fca70000 | 0x7ff7fca70000 | 0x7ff7fca92fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fca9d000 | 0x7ff7fca9d000 | 0x7ff7fca9dfff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fca9e000 | 0x7ff7fca9e000 | 0x7ff7fca9ffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xe00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xe10000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xe20000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xe30000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xe40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xe50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xe60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xe70000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xe80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xe90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xea0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xeb0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xec0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xed0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xee0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xef0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xf00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xf10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xf20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xf30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xf40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xf50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xf60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xf70000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xf80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xf90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xfa0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xfb0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xfc0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xfd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0xfe0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1000000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1010000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1020000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1040000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1050000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1060000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1080000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1090000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x10a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x10b0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x10c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x10d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x10e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x10f0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1100000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1110000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1120000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1130000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1140000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1150000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1160000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1170000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1180000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1190000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x11a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x11c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x11d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x11e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1200000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1210000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1220000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1230000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1250000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1260000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1270000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1280000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1290000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x12a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x12b0000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x12c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x12d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x12e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x12f0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1300000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1310000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1320000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1330000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1340000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1350000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1360000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1370000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1380000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1390000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x13a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x13b0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x13c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x13d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x13e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x13f0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1400000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1410000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xbc8 | address = 0x1420000, size = 142 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #63 / 0x11a4 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:02:01, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:34 |
| OS Thread IDs | #507 0xAA4 #508 0xBD4 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x11a4 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x5d8, os_pid = 0xce8, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0x430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0xce8, proc_address = 0x450000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xce8, proc_address = 0x490000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x4a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x4b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x4c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x4d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xce8, proc_address = 0x4d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x4e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x4f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xce8, proc_address = 0x510000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xce8, proc_address = 0x550000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xce8, proc_address = 0x590000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x5a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x5b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x5c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x5d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xce8, proc_address = 0x5d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x5e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x5f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xce8, proc_address = 0x610000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xce8, proc_address = 0x650000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xce8, proc_address = 0x690000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xce8, proc_address = 0x6d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xce8, proc_address = 0x710000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xce8, proc_address = 0x750000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xce8, proc_address = 0x790000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x7b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x7c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x7d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xce8, proc_address = 0x7d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x7e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x7f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xce8, proc_address = 0x810000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xce8, proc_address = 0x850000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xce8, proc_address = 0x890000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xce8, proc_address = 0x8d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 25 | | 1 | |
| MEM | ALLOC | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xce8, proc_address = 0x910000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xce8, proc_address = 0x950000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xce8, proc_address = 0x990000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xce8, proc_address = 0x9d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 13 | | 1 | |
| MEM | ALLOC | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xce8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #64 / 0xba0 |
| OS Parent PID | 0x1058 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:02:02, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:33 |
| OS Thread IDs | #509 0x1038 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000dd0000 | 0x00dd0000 | 0x00dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000de0000 | 0x00de0000 | 0x00de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000df0000 | 0x00df0000 | 0x00df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e00000 | 0x00e00000 | 0x00e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e10000 | 0x00e10000 | 0x00e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e20000 | 0x00e20000 | 0x00e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e30000 | 0x00e30000 | 0x00e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e40000 | 0x00e40000 | 0x00e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e50000 | 0x00e50000 | 0x00e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e60000 | 0x00e60000 | 0x00e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e70000 | 0x00e70000 | 0x00e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e80000 | 0x00e80000 | 0x00e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e90000 | 0x00e90000 | 0x00e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ea0000 | 0x00ea0000 | 0x00ea0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000eb0000 | 0x00eb0000 | 0x00eb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ec0000 | 0x00ec0000 | 0x00ec0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ed0000 | 0x00ed0000 | 0x00ed0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ee0000 | 0x00ee0000 | 0x00ee0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ef0000 | 0x00ef0000 | 0x00ef0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f00000 | 0x00f00000 | 0x00f00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f10000 | 0x00f10000 | 0x00f10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f20000 | 0x00f20000 | 0x00f20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f30000 | 0x00f30000 | 0x00f30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f40000 | 0x00f40000 | 0x00f40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f50000 | 0x00f50000 | 0x00f50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f60000 | 0x00f60000 | 0x00f60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f70000 | 0x00f70000 | 0x00f70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f80000 | 0x00f80000 | 0x00f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f90000 | 0x00f90000 | 0x00f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fa0000 | 0x00fa0000 | 0x00fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fb0000 | 0x00fb0000 | 0x00fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fc0000 | 0x00fc0000 | 0x00fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fd0000 | 0x00fd0000 | 0x00fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fe0000 | 0x00fe0000 | 0x00fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ff0000 | 0x00ff0000 | 0x00ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001000000 | 0x01000000 | 0x01000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001010000 | 0x01010000 | 0x01010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001020000 | 0x01020000 | 0x01020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001030000 | 0x01030000 | 0x01030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001040000 | 0x01040000 | 0x01040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001050000 | 0x01050000 | 0x01050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001060000 | 0x01060000 | 0x01060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001070000 | 0x01070000 | 0x01070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001080000 | 0x01080000 | 0x01080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001090000 | 0x01090000 | 0x01090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010a0000 | 0x010a0000 | 0x010a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010b0000 | 0x010b0000 | 0x010b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010c0000 | 0x010c0000 | 0x010c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010d0000 | 0x010d0000 | 0x010d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010e0000 | 0x010e0000 | 0x010e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010f0000 | 0x010f0000 | 0x010f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001100000 | 0x01100000 | 0x01100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001110000 | 0x01110000 | 0x01110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001120000 | 0x01120000 | 0x01120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001130000 | 0x01130000 | 0x01130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001140000 | 0x01140000 | 0x01140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001150000 | 0x01150000 | 0x01150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001160000 | 0x01160000 | 0x01160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001170000 | 0x01170000 | 0x01170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001180000 | 0x01180000 | 0x01180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001190000 | 0x01190000 | 0x01190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011a0000 | 0x011a0000 | 0x011a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011b0000 | 0x011b0000 | 0x011b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011c0000 | 0x011c0000 | 0x011c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011d0000 | 0x011d0000 | 0x011d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011e0000 | 0x011e0000 | 0x011e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011f0000 | 0x011f0000 | 0x011f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001200000 | 0x01200000 | 0x01200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001210000 | 0x01210000 | 0x01210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001220000 | 0x01220000 | 0x01220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001230000 | 0x01230000 | 0x01230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001240000 | 0x01240000 | 0x01240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001250000 | 0x01250000 | 0x01250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001260000 | 0x01260000 | 0x01260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001270000 | 0x01270000 | 0x01270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001280000 | 0x01280000 | 0x01280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001290000 | 0x01290000 | 0x01290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012a0000 | 0x012a0000 | 0x012a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012b0000 | 0x012b0000 | 0x012b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012c0000 | 0x012c0000 | 0x012c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012d0000 | 0x012d0000 | 0x012d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012e0000 | 0x012e0000 | 0x012e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012f0000 | 0x012f0000 | 0x012f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001300000 | 0x01300000 | 0x01300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001310000 | 0x01310000 | 0x01310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001320000 | 0x01320000 | 0x01320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001330000 | 0x01330000 | 0x01330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001340000 | 0x01340000 | 0x01340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001350000 | 0x01350000 | 0x01350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001360000 | 0x01360000 | 0x01360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001370000 | 0x01370000 | 0x01370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001380000 | 0x01380000 | 0x01380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001390000 | 0x01390000 | 0x01390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013a0000 | 0x013a0000 | 0x013a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013b0000 | 0x013b0000 | 0x013b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013c0000 | 0x013c0000 | 0x013c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013d0000 | 0x013d0000 | 0x013d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013e0000 | 0x013e0000 | 0x013e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013f0000 | 0x013f0000 | 0x013f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001400000 | 0x01400000 | 0x01400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007fbd3000 | 0x7fbd3000 | 0x7fbd3fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000aae8dd0000 | 0xaae8dd0000 | 0xaae8deffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000aae8df0000 | 0xaae8df0000 | 0xaae8e03fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000aae8e10000 | 0xaae8e10000 | 0xaae8f0ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000aae8f10000 | 0xaae8f10000 | 0xaae8f13fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000aae8f20000 | 0xaae8f20000 | 0xaae8f20fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000aae8f30000 | 0xaae8f30000 | 0xaae8f31fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ffa60000 | 0x7df5ffa60000 | 0x7ff5ffa5ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fc760000 | 0x7ff7fc760000 | 0x7ff7fc782fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fc788000 | 0x7ff7fc788000 | 0x7ff7fc788fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fc78e000 | 0x7ff7fc78e000 | 0x7ff7fc78ffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xdd0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xde0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xdf0000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xe00000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xe10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xe20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xe30000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xe40000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xe50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xe60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xe70000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xe80000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xe90000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xea0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xeb0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xec0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xed0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xee0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xef0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xf00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xf10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xf20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xf30000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xf40000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xf50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xf60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xf80000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xf90000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xfa0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xfb0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xfc0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xfd0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xfe0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0xff0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1000000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1010000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1020000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1030000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1040000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1050000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1060000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1070000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1080000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1090000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x10a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x10b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x10c0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x10d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x10e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x10f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1100000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1110000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1120000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1130000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1140000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1150000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1160000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1170000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1180000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1190000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x11a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x11b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x11c0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x11e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1200000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1220000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1230000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1240000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1250000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1260000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1280000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1290000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x12a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x12b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x12c0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x12e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x12f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1300000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1320000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1330000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1340000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1350000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1360000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1380000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1390000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x13a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x13c0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x13d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x13e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x13f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1078 | address = 0x1400000, size = 13 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #65 / 0x1164 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:02:03, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:32 |
| OS Thread IDs | #511 0x1168 #512 0x116C |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x1164 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x7c8, os_pid = 0x710, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0x10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x710, proc_address = 0x30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x710, proc_address = 0x70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x710, proc_address = 0xb0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x710, proc_address = 0xf0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x710, proc_address = 0x130000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x710, proc_address = 0x170000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x710, proc_address = 0x1b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x1d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x710, proc_address = 0x1f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x710, proc_address = 0x230000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x710, proc_address = 0x270000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x2a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x2b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x710, proc_address = 0x2b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x2c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x2d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x2e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x2f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x710, proc_address = 0x2f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x710, proc_address = 0x330000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x710, proc_address = 0x370000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x3a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x3b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x710, proc_address = 0x3b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x3c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x3d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x3e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x3f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x710, proc_address = 0x3f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x710, proc_address = 0x430000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x710, proc_address = 0x470000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x4a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x4b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x710, proc_address = 0x4b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x4c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 25, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 25 | | 1 | |
| MEM | ALLOC | address = 0x4d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x4e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x4f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x710, proc_address = 0x4f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x710, proc_address = 0x530000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x710, size = 13 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #66 / 0x1144 |
| OS Parent PID | 0x510 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:02:03, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:32 |
| OS Thread IDs | #513 0xC60 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000430000 | 0x00430000 | 0x00430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000440000 | 0x00440000 | 0x00440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000450000 | 0x00450000 | 0x00450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000460000 | 0x00460000 | 0x00460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000470000 | 0x00470000 | 0x00470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000480000 | 0x00480000 | 0x00480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000490000 | 0x00490000 | 0x00490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004a0000 | 0x004a0000 | 0x004a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004b0000 | 0x004b0000 | 0x004b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004c0000 | 0x004c0000 | 0x004c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004d0000 | 0x004d0000 | 0x004d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004e0000 | 0x004e0000 | 0x004e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004f0000 | 0x004f0000 | 0x004f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000500000 | 0x00500000 | 0x00500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000510000 | 0x00510000 | 0x00510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000520000 | 0x00520000 | 0x00520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000530000 | 0x00530000 | 0x00530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000540000 | 0x00540000 | 0x00540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000550000 | 0x00550000 | 0x00550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000560000 | 0x00560000 | 0x00560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000570000 | 0x00570000 | 0x00570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000580000 | 0x00580000 | 0x00580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000590000 | 0x00590000 | 0x00590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005a0000 | 0x005a0000 | 0x005a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005b0000 | 0x005b0000 | 0x005b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005c0000 | 0x005c0000 | 0x005c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005d0000 | 0x005d0000 | 0x005d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005e0000 | 0x005e0000 | 0x005e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005f0000 | 0x005f0000 | 0x005f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000600000 | 0x00600000 | 0x00600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000610000 | 0x00610000 | 0x00610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000620000 | 0x00620000 | 0x00620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000630000 | 0x00630000 | 0x00630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000640000 | 0x00640000 | 0x00640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000650000 | 0x00650000 | 0x00650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000660000 | 0x00660000 | 0x00660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000670000 | 0x00670000 | 0x00670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000680000 | 0x00680000 | 0x00680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000690000 | 0x00690000 | 0x00690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006a0000 | 0x006a0000 | 0x006a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006b0000 | 0x006b0000 | 0x006b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006c0000 | 0x006c0000 | 0x006c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006d0000 | 0x006d0000 | 0x006d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006e0000 | 0x006e0000 | 0x006e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006f0000 | 0x006f0000 | 0x006f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000700000 | 0x00700000 | 0x00700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000710000 | 0x00710000 | 0x00710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000720000 | 0x00720000 | 0x00720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000730000 | 0x00730000 | 0x00730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000740000 | 0x00740000 | 0x00740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000750000 | 0x00750000 | 0x00750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000760000 | 0x00760000 | 0x00760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000770000 | 0x00770000 | 0x00770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000780000 | 0x00780000 | 0x00780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000790000 | 0x00790000 | 0x00790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007a0000 | 0x007a0000 | 0x007a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007b0000 | 0x007b0000 | 0x007b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007c0000 | 0x007c0000 | 0x007c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007d0000 | 0x007d0000 | 0x007d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007e0000 | 0x007e0000 | 0x007e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007f0000 | 0x007f0000 | 0x007f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000800000 | 0x00800000 | 0x00800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000810000 | 0x00810000 | 0x00810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000820000 | 0x00820000 | 0x00820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000830000 | 0x00830000 | 0x00830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000840000 | 0x00840000 | 0x00840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000850000 | 0x00850000 | 0x00850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000860000 | 0x00860000 | 0x00860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000870000 | 0x00870000 | 0x00870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000880000 | 0x00880000 | 0x00880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000890000 | 0x00890000 | 0x00890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008a0000 | 0x008a0000 | 0x008a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008b0000 | 0x008b0000 | 0x008b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008c0000 | 0x008c0000 | 0x008c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008d0000 | 0x008d0000 | 0x008d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008e0000 | 0x008e0000 | 0x008e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008f0000 | 0x008f0000 | 0x008f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000900000 | 0x00900000 | 0x00900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000910000 | 0x00910000 | 0x00910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000920000 | 0x00920000 | 0x00920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000930000 | 0x00930000 | 0x00930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000940000 | 0x00940000 | 0x00940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007fbe9000 | 0x7fbe9000 | 0x7fbe9fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000aba8430000 | 0xaba8430000 | 0xaba844ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000aba8450000 | 0xaba8450000 | 0xaba8463fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000aba8470000 | 0xaba8470000 | 0xaba856ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000aba8570000 | 0xaba8570000 | 0xaba8573fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000aba8580000 | 0xaba8580000 | 0xaba8580fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000aba8590000 | 0xaba8590000 | 0xaba8591fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff800000 | 0x7df5ff800000 | 0x7ff5ff7fffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fc6a0000 | 0x7ff7fc6a0000 | 0x7ff7fc6c2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fc6ca000 | 0x7ff7fc6ca000 | 0x7ff7fc6cafff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fc6ce000 | 0x7ff7fc6ce000 | 0x7ff7fc6cffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x430000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x440000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x450000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x460000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x470000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x480000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x490000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x4a0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x4b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x4c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x4d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x4e0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x4f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x500000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x510000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x520000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x530000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x540000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x550000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x560000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x570000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x580000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x590000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x5a0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x5b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x5c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x5d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x5e0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x5f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x600000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x610000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x620000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x630000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x640000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x650000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x660000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x670000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x680000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x690000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x6a0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x6b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x6c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x6d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x6e0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x6f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x700000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x710000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x720000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x730000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x740000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x750000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x760000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x770000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x780000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x790000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x7a0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x7b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x7c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x7d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x7e0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x7f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x800000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x810000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x820000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x830000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x840000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x850000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x860000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x870000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x880000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x890000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x8a0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x8b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x8c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x8d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x8e0000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x8f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x900000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x910000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x920000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x930000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x794 | address = 0x940000, size = 20 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #67 / 0x84 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:02:04, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:31 |
| OS Thread IDs | #514 0x8BC #515 0xC70 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x84 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0xcfc, os_pid = 0xfbc, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0x4d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x4e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x4f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0xfbc, proc_address = 0x4f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xfbc, proc_address = 0x530000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xfbc, proc_address = 0x570000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x5a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x5b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xfbc, proc_address = 0x5b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x5c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x5d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x5e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x5f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xfbc, proc_address = 0x5f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xfbc, proc_address = 0x630000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xfbc, proc_address = 0x670000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xfbc, proc_address = 0x6b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xfbc, proc_address = 0x6f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xfbc, proc_address = 0x730000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xfbc, proc_address = 0x770000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x7b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xfbc, proc_address = 0x7b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x7c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x7d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x7e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x7f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xfbc, proc_address = 0x7f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xfbc, proc_address = 0x830000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xfbc, proc_address = 0x870000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xfbc, proc_address = 0x8b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xfbc, proc_address = 0x8f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xfbc, proc_address = 0x930000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xfbc, size = 20 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #68 / 0xce8 |
| OS Parent PID | 0x11a4 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:02:05, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:30 |
| OS Thread IDs | #516 0x5D8 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000430000 | 0x00430000 | 0x00430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000440000 | 0x00440000 | 0x00440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000450000 | 0x00450000 | 0x00450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000460000 | 0x00460000 | 0x00460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000470000 | 0x00470000 | 0x00470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000480000 | 0x00480000 | 0x00480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000490000 | 0x00490000 | 0x00490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004a0000 | 0x004a0000 | 0x004a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004b0000 | 0x004b0000 | 0x004b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004c0000 | 0x004c0000 | 0x004c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004d0000 | 0x004d0000 | 0x004d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004e0000 | 0x004e0000 | 0x004e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004f0000 | 0x004f0000 | 0x004f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000500000 | 0x00500000 | 0x00500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000510000 | 0x00510000 | 0x00510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000520000 | 0x00520000 | 0x00520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000530000 | 0x00530000 | 0x00530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000540000 | 0x00540000 | 0x00540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000550000 | 0x00550000 | 0x00550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000560000 | 0x00560000 | 0x00560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000570000 | 0x00570000 | 0x00570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000580000 | 0x00580000 | 0x00580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000590000 | 0x00590000 | 0x00590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005a0000 | 0x005a0000 | 0x005a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005b0000 | 0x005b0000 | 0x005b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005c0000 | 0x005c0000 | 0x005c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005d0000 | 0x005d0000 | 0x005d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005e0000 | 0x005e0000 | 0x005e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005f0000 | 0x005f0000 | 0x005f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000600000 | 0x00600000 | 0x00600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000610000 | 0x00610000 | 0x00610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000620000 | 0x00620000 | 0x00620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000630000 | 0x00630000 | 0x00630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000640000 | 0x00640000 | 0x00640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000650000 | 0x00650000 | 0x00650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000660000 | 0x00660000 | 0x00660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000670000 | 0x00670000 | 0x00670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000680000 | 0x00680000 | 0x00680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000690000 | 0x00690000 | 0x00690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006a0000 | 0x006a0000 | 0x006a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006b0000 | 0x006b0000 | 0x006b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006c0000 | 0x006c0000 | 0x006c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006d0000 | 0x006d0000 | 0x006d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006e0000 | 0x006e0000 | 0x006e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006f0000 | 0x006f0000 | 0x006f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000700000 | 0x00700000 | 0x00700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000710000 | 0x00710000 | 0x00710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000720000 | 0x00720000 | 0x00720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000730000 | 0x00730000 | 0x00730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000740000 | 0x00740000 | 0x00740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000750000 | 0x00750000 | 0x00750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000760000 | 0x00760000 | 0x00760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000770000 | 0x00770000 | 0x00770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000780000 | 0x00780000 | 0x00780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000790000 | 0x00790000 | 0x00790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007a0000 | 0x007a0000 | 0x007a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007b0000 | 0x007b0000 | 0x007b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007c0000 | 0x007c0000 | 0x007c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007d0000 | 0x007d0000 | 0x007d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007e0000 | 0x007e0000 | 0x007e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007f0000 | 0x007f0000 | 0x007f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000800000 | 0x00800000 | 0x00800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000810000 | 0x00810000 | 0x00810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000820000 | 0x00820000 | 0x00820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000830000 | 0x00830000 | 0x00830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000840000 | 0x00840000 | 0x00840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000850000 | 0x00850000 | 0x00850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000860000 | 0x00860000 | 0x00860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000870000 | 0x00870000 | 0x00870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000880000 | 0x00880000 | 0x00880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000890000 | 0x00890000 | 0x00890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008a0000 | 0x008a0000 | 0x008a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008b0000 | 0x008b0000 | 0x008b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008c0000 | 0x008c0000 | 0x008c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008d0000 | 0x008d0000 | 0x008d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008e0000 | 0x008e0000 | 0x008e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008f0000 | 0x008f0000 | 0x008f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000900000 | 0x00900000 | 0x00900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000910000 | 0x00910000 | 0x00910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000920000 | 0x00920000 | 0x00920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000930000 | 0x00930000 | 0x00930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000940000 | 0x00940000 | 0x00940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000950000 | 0x00950000 | 0x00950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000960000 | 0x00960000 | 0x00960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000970000 | 0x00970000 | 0x00970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000980000 | 0x00980000 | 0x00980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000990000 | 0x00990000 | 0x00990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009a0000 | 0x009a0000 | 0x009a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009b0000 | 0x009b0000 | 0x009b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009c0000 | 0x009c0000 | 0x009c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009d0000 | 0x009d0000 | 0x009d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009e0000 | 0x009e0000 | 0x009e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009f0000 | 0x009f0000 | 0x009f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007ffcc000 | 0x7ffcc000 | 0x7ffccfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000b8da430000 | 0xb8da430000 | 0xb8da44ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000b8da450000 | 0xb8da450000 | 0xb8da463fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000b8da470000 | 0xb8da470000 | 0xb8da56ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000b8da570000 | 0xb8da570000 | 0xb8da573fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000b8da580000 | 0xb8da580000 | 0xb8da580fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000b8da590000 | 0xb8da590000 | 0xb8da591fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff2a0000 | 0x7df5ff2a0000 | 0x7ff5ff29ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fc9d0000 | 0x7ff7fc9d0000 | 0x7ff7fc9f2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fc9f7000 | 0x7ff7fc9f7000 | 0x7ff7fc9f7fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fc9fe000 | 0x7ff7fc9fe000 | 0x7ff7fc9fffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x430000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x440000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x450000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x460000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x470000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x480000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x490000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x4a0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x4b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x4c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x4d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x4e0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x4f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x500000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x510000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x520000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x530000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x540000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x550000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x560000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x570000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x580000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x590000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x5a0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x5b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x5c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x5d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x5e0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x5f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x600000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x610000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x620000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x630000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x640000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x650000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x660000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x670000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x680000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x690000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x6a0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x6b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x6c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x6d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x6e0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x6f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x700000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x710000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x730000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x740000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x750000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x760000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x770000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x780000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x790000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x7b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x7c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x7d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x7e0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x7f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x800000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x810000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x820000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x830000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x840000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x850000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x860000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x870000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x880000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x890000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x8a0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x8b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x8c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x8d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x8e0000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x8f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x900000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x910000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x920000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x930000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x940000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x950000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x960000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x970000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x980000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x990000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x9a0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x9b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x9c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x9d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x9e0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xaa4 | address = 0x9f0000, size = 13 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #69 / 0x84c |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:02:06, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:29 |
| OS Thread IDs | #517 0xD70 #518 0x868 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x84c | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0xc6c, os_pid = 0x884, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x884, proc_address = 0xfa0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 19 | | 1 | |
| MEM | ALLOC | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x884, proc_address = 0xfe0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x884, proc_address = 0x1020000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x884, proc_address = 0x1060000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x884, proc_address = 0x10a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x884, proc_address = 0x10e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x884, proc_address = 0x1120000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x884, proc_address = 0x1160000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x884, proc_address = 0x11a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x884, proc_address = 0x11e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x11f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x1200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x884, proc_address = 0x1220000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x1240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x884, proc_address = 0x1260000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x1280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x12a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x884, proc_address = 0x12a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x12b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x12c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x12d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x12e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x884, proc_address = 0x12e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x12f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x1300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x884, proc_address = 0x1320000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x1340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x884, proc_address = 0x1360000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x1380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x13a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x884, proc_address = 0x13a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x13b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x13c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x13d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x13e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x884, proc_address = 0x13e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x13f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x884, size = 10 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #70 / 0x710 |
| OS Parent PID | 0x1164 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:02:07, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:28 |
| OS Thread IDs | #519 0x7C8 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x00010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000040000 | 0x00040000 | 0x00040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000050000 | 0x00050000 | 0x00050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000060000 | 0x00060000 | 0x00060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000070000 | 0x00070000 | 0x00070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000080000 | 0x00080000 | 0x00080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000090000 | 0x00090000 | 0x00090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000000a0000 | 0x000a0000 | 0x000a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000000b0000 | 0x000b0000 | 0x000b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000100000 | 0x00100000 | 0x00100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000110000 | 0x00110000 | 0x00110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000120000 | 0x00120000 | 0x00120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000130000 | 0x00130000 | 0x00130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000140000 | 0x00140000 | 0x00140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000150000 | 0x00150000 | 0x00150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000160000 | 0x00160000 | 0x00160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000170000 | 0x00170000 | 0x00170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000180000 | 0x00180000 | 0x00180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000190000 | 0x00190000 | 0x00190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000001a0000 | 0x001a0000 | 0x001a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000001c0000 | 0x001c0000 | 0x001c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000001d0000 | 0x001d0000 | 0x001d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000001e0000 | 0x001e0000 | 0x001e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000001f0000 | 0x001f0000 | 0x001f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000200000 | 0x00200000 | 0x00200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000210000 | 0x00210000 | 0x00210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000220000 | 0x00220000 | 0x00220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000230000 | 0x00230000 | 0x00230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000240000 | 0x00240000 | 0x00240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000250000 | 0x00250000 | 0x00250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000260000 | 0x00260000 | 0x00260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000270000 | 0x00270000 | 0x00270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000280000 | 0x00280000 | 0x00280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000290000 | 0x00290000 | 0x00290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002a0000 | 0x002a0000 | 0x002a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002b0000 | 0x002b0000 | 0x002b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002c0000 | 0x002c0000 | 0x002c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002d0000 | 0x002d0000 | 0x002d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002e0000 | 0x002e0000 | 0x002e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002f0000 | 0x002f0000 | 0x002f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000300000 | 0x00300000 | 0x00300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000310000 | 0x00310000 | 0x00310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000320000 | 0x00320000 | 0x00320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000330000 | 0x00330000 | 0x00330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000340000 | 0x00340000 | 0x00340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000350000 | 0x00350000 | 0x00350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000360000 | 0x00360000 | 0x00360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000370000 | 0x00370000 | 0x00370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000380000 | 0x00380000 | 0x00380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000390000 | 0x00390000 | 0x00390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003a0000 | 0x003a0000 | 0x003a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003b0000 | 0x003b0000 | 0x003b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003c0000 | 0x003c0000 | 0x003c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003d0000 | 0x003d0000 | 0x003d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003e0000 | 0x003e0000 | 0x003e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003f0000 | 0x003f0000 | 0x003f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000400000 | 0x00400000 | 0x00400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000410000 | 0x00410000 | 0x00410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000420000 | 0x00420000 | 0x00420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000430000 | 0x00430000 | 0x00430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000440000 | 0x00440000 | 0x00440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000450000 | 0x00450000 | 0x00450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000460000 | 0x00460000 | 0x00460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000470000 | 0x00470000 | 0x00470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000480000 | 0x00480000 | 0x00480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000490000 | 0x00490000 | 0x00490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004a0000 | 0x004a0000 | 0x004a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004b0000 | 0x004b0000 | 0x004b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004c0000 | 0x004c0000 | 0x004c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004d0000 | 0x004d0000 | 0x004d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004e0000 | 0x004e0000 | 0x004e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004f0000 | 0x004f0000 | 0x004f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000500000 | 0x00500000 | 0x00500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000510000 | 0x00510000 | 0x00510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000520000 | 0x00520000 | 0x00520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000530000 | 0x00530000 | 0x00530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000540000 | 0x00540000 | 0x00540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000550000 | 0x00550000 | 0x00550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007fa3a000 | 0x7fa3a000 | 0x7fa3afff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x0000000100000000 | 0x100000000 | 0x10001ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000100020000 | 0x100020000 | 0x100033fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000100040000 | 0x100040000 | 0x10013ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000100140000 | 0x100140000 | 0x100143fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000100150000 | 0x100150000 | 0x100150fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000100160000 | 0x100160000 | 0x100161fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff3a0000 | 0x7df5ff3a0000 | 0x7ff5ff39ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fcdd0000 | 0x7ff7fcdd0000 | 0x7ff7fcdf2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fcdfa000 | 0x7ff7fcdfa000 | 0x7ff7fcdfafff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fcdfe000 | 0x7ff7fcdfe000 | 0x7ff7fcdfffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x20000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x30000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x40000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x70000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x80000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x90000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0xa0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0xb0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0xc0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0xd0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0xe0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0xf0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x100000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x110000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x120000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x130000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x140000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x150000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x160000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x170000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x180000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x190000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x1a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x1b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x1c0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x1d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x1e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x1f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x200000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x210000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x220000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x230000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x240000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x250000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x260000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x270000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x280000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x290000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x2a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x2b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x2c0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x2d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x2e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x2f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x300000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x310000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x320000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x330000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x340000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x350000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x360000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x370000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x380000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x390000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x3a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x3b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x3c0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x3d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x3e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x3f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x400000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x410000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x420000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x430000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x440000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x450000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x460000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x470000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x480000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x490000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x4a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x4b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x4c0000, size = 25 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x4d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x4e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x4f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x500000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x510000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x520000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x530000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x540000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1168 | address = 0x550000, size = 13 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #71 / 0xd74 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:02:07, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:28 |
| OS Thread IDs | #520 0xD48 #521 0x324 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0xd74 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x5f0, os_pid = 0xc5c, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xfe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0xc5c, proc_address = 0xfe0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xff0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1000000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1010000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1020000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xc5c, proc_address = 0x1020000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1030000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1040000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1050000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1060000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xc5c, proc_address = 0x1060000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1070000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1080000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1090000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xc5c, proc_address = 0x10a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xc5c, proc_address = 0x10e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xc5c, proc_address = 0x1120000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xc5c, proc_address = 0x1160000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xc5c, proc_address = 0x11a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xc5c, proc_address = 0x11e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x11f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x11f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x1200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xc5c, proc_address = 0x1220000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x1240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xc5c, proc_address = 0x1260000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x1280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x12a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xc5c, proc_address = 0x12a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x12b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x12c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x12d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x12e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xc5c, proc_address = 0x12e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x12f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x12f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xc5c, proc_address = 0x1320000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x1340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xc5c, proc_address = 0x1360000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x1380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x13a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xc5c, proc_address = 0x13a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x13b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x13c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x13d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x13e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x13e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xc5c, proc_address = 0x13e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #72 / 0xfbc |
| OS Parent PID | 0x84 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:02:08, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:27 |
| OS Thread IDs | #522 0xCFC |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x00000000004d0000 | 0x004d0000 | 0x004d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004e0000 | 0x004e0000 | 0x004e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004f0000 | 0x004f0000 | 0x004f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000500000 | 0x00500000 | 0x00500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000510000 | 0x00510000 | 0x00510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000520000 | 0x00520000 | 0x00520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000530000 | 0x00530000 | 0x00530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000540000 | 0x00540000 | 0x00540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000550000 | 0x00550000 | 0x00550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000560000 | 0x00560000 | 0x00560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000570000 | 0x00570000 | 0x00570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000580000 | 0x00580000 | 0x00580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000590000 | 0x00590000 | 0x00590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005a0000 | 0x005a0000 | 0x005a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005b0000 | 0x005b0000 | 0x005b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005c0000 | 0x005c0000 | 0x005c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005d0000 | 0x005d0000 | 0x005d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005e0000 | 0x005e0000 | 0x005e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005f0000 | 0x005f0000 | 0x005f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000600000 | 0x00600000 | 0x00600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000610000 | 0x00610000 | 0x00610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000620000 | 0x00620000 | 0x00620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000630000 | 0x00630000 | 0x00630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000640000 | 0x00640000 | 0x00640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000650000 | 0x00650000 | 0x00650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000660000 | 0x00660000 | 0x00660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000670000 | 0x00670000 | 0x00670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000680000 | 0x00680000 | 0x00680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000690000 | 0x00690000 | 0x00690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006a0000 | 0x006a0000 | 0x006a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006b0000 | 0x006b0000 | 0x006b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006c0000 | 0x006c0000 | 0x006c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006d0000 | 0x006d0000 | 0x006d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006e0000 | 0x006e0000 | 0x006e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006f0000 | 0x006f0000 | 0x006f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000700000 | 0x00700000 | 0x00700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000710000 | 0x00710000 | 0x00710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000720000 | 0x00720000 | 0x00720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000730000 | 0x00730000 | 0x00730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000740000 | 0x00740000 | 0x00740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000750000 | 0x00750000 | 0x00750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000760000 | 0x00760000 | 0x00760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000770000 | 0x00770000 | 0x00770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000780000 | 0x00780000 | 0x00780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000790000 | 0x00790000 | 0x00790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007a0000 | 0x007a0000 | 0x007a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007b0000 | 0x007b0000 | 0x007b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007c0000 | 0x007c0000 | 0x007c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007d0000 | 0x007d0000 | 0x007d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007e0000 | 0x007e0000 | 0x007e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007f0000 | 0x007f0000 | 0x007f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000800000 | 0x00800000 | 0x00800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000810000 | 0x00810000 | 0x00810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000820000 | 0x00820000 | 0x00820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000830000 | 0x00830000 | 0x00830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000840000 | 0x00840000 | 0x00840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000850000 | 0x00850000 | 0x00850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000860000 | 0x00860000 | 0x00860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000870000 | 0x00870000 | 0x00870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000880000 | 0x00880000 | 0x00880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000890000 | 0x00890000 | 0x00890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008a0000 | 0x008a0000 | 0x008a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008b0000 | 0x008b0000 | 0x008b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008c0000 | 0x008c0000 | 0x008c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008d0000 | 0x008d0000 | 0x008d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008e0000 | 0x008e0000 | 0x008e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008f0000 | 0x008f0000 | 0x008f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000900000 | 0x00900000 | 0x00900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000910000 | 0x00910000 | 0x00910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000920000 | 0x00920000 | 0x00920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000930000 | 0x00930000 | 0x00930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000940000 | 0x00940000 | 0x00940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000950000 | 0x00950000 | 0x00950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f7f9000 | 0x7f7f9000 | 0x7f7f9fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000b9e74d0000 | 0xb9e74d0000 | 0xb9e74effff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000b9e74f0000 | 0xb9e74f0000 | 0xb9e7503fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000b9e7510000 | 0xb9e7510000 | 0xb9e760ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000b9e7610000 | 0xb9e7610000 | 0xb9e7613fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000b9e7620000 | 0xb9e7620000 | 0xb9e7620fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000b9e7630000 | 0xb9e7630000 | 0xb9e7631fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff990000 | 0x7df5ff990000 | 0x7ff5ff98ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fc860000 | 0x7ff7fc860000 | 0x7ff7fc882fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fc88d000 | 0x7ff7fc88d000 | 0x7ff7fc88dfff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fc88e000 | 0x7ff7fc88e000 | 0x7ff7fc88ffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x4d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x4e0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x4f0000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x500000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x510000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x520000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x530000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x540000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x550000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x560000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x570000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x580000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x590000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x5a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x5b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x5c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x5d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x5e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x5f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x600000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x610000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x620000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x630000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x640000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x650000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x660000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x670000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x680000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x690000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x6a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x6b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x6c0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x6d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x6e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x6f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x700000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x710000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x720000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x730000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x740000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x750000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x760000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x770000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x780000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x790000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x7b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x7c0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x7d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x7f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x800000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x810000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x830000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x840000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x850000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x860000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x870000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x880000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x890000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x8a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x8b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x8c0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x8d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x8e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x900000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x910000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x920000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x940000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8bc | address = 0x950000, size = 13 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #73 / 0xcf0 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:02:08, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:27 |
| OS Thread IDs | #523 0x1184 #524 0x1188 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0xcf0 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x12f8, os_pid = 0x12f4, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0x10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x12f4, proc_address = 0x30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12f4, proc_address = 0x70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12f4, proc_address = 0xb0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12f4, proc_address = 0xf0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12f4, proc_address = 0x130000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12f4, proc_address = 0x170000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12f4, proc_address = 0x1b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x1d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12f4, proc_address = 0x1f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12f4, proc_address = 0x230000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12f4, proc_address = 0x270000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x2a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x2b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12f4, proc_address = 0x2b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x2c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x2d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x2e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x2f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12f4, proc_address = 0x2f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x320000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x330000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12f4, proc_address = 0x330000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x340000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x350000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x360000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x370000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12f4, proc_address = 0x370000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x3a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x3b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12f4, proc_address = 0x3b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x3c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x3d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x3e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x3f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12f4, proc_address = 0x3f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x12f4, proc_address = 0x430000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x12f4, size = 13 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #74 / 0x1190 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:02:10, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:25 |
| OS Thread IDs | #525 0x1208 #527 0xC58 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x1190 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x11c4, os_pid = 0x115c, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x750000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x760000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x115c, proc_address = 0x760000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x770000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x780000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x790000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x115c, proc_address = 0x7a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x7b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x7c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x7d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x7e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x115c, proc_address = 0x7e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x7f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x7f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x800000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x810000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x820000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x115c, proc_address = 0x820000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x830000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x840000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x850000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x860000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x115c, proc_address = 0x860000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x870000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x880000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x890000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x115c, proc_address = 0x8a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x115c, proc_address = 0x8e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x115c, proc_address = 0x920000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x115c, proc_address = 0x960000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x115c, proc_address = 0x9a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x115c, proc_address = 0x9e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x115c, proc_address = 0xa20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x115c, proc_address = 0xa60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x115c, proc_address = 0xaa0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x115c, proc_address = 0xae0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x115c, proc_address = 0xb20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x115c, proc_address = 0xb60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #75 / 0x884 |
| OS Parent PID | 0x84c (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:02:10, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:25 |
| OS Thread IDs | #526 0xC6C |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000f80000 | 0x00f80000 | 0x00f80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000f90000 | 0x00f90000 | 0x00f90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fa0000 | 0x00fa0000 | 0x00fa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fb0000 | 0x00fb0000 | 0x00fb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fc0000 | 0x00fc0000 | 0x00fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fd0000 | 0x00fd0000 | 0x00fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fe0000 | 0x00fe0000 | 0x00fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ff0000 | 0x00ff0000 | 0x00ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001000000 | 0x01000000 | 0x01000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001010000 | 0x01010000 | 0x01010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001020000 | 0x01020000 | 0x01020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001030000 | 0x01030000 | 0x01030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001040000 | 0x01040000 | 0x01040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001050000 | 0x01050000 | 0x01050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001060000 | 0x01060000 | 0x01060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001070000 | 0x01070000 | 0x01070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001080000 | 0x01080000 | 0x01080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001090000 | 0x01090000 | 0x01090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010a0000 | 0x010a0000 | 0x010a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010b0000 | 0x010b0000 | 0x010b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010c0000 | 0x010c0000 | 0x010c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010d0000 | 0x010d0000 | 0x010d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010e0000 | 0x010e0000 | 0x010e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010f0000 | 0x010f0000 | 0x010f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001100000 | 0x01100000 | 0x01100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001110000 | 0x01110000 | 0x01110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001120000 | 0x01120000 | 0x01120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001130000 | 0x01130000 | 0x01130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001140000 | 0x01140000 | 0x01140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001150000 | 0x01150000 | 0x01150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001160000 | 0x01160000 | 0x01160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001170000 | 0x01170000 | 0x01170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001180000 | 0x01180000 | 0x01180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001190000 | 0x01190000 | 0x01190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011a0000 | 0x011a0000 | 0x011a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011b0000 | 0x011b0000 | 0x011b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011c0000 | 0x011c0000 | 0x011c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011d0000 | 0x011d0000 | 0x011d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011e0000 | 0x011e0000 | 0x011e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011f0000 | 0x011f0000 | 0x011f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001200000 | 0x01200000 | 0x01200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001210000 | 0x01210000 | 0x01210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001220000 | 0x01220000 | 0x01220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001230000 | 0x01230000 | 0x01230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001240000 | 0x01240000 | 0x01240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001250000 | 0x01250000 | 0x01250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001260000 | 0x01260000 | 0x01260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001270000 | 0x01270000 | 0x01270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001280000 | 0x01280000 | 0x01280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001290000 | 0x01290000 | 0x01290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012a0000 | 0x012a0000 | 0x012a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012b0000 | 0x012b0000 | 0x012b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012c0000 | 0x012c0000 | 0x012c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012d0000 | 0x012d0000 | 0x012d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012e0000 | 0x012e0000 | 0x012e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012f0000 | 0x012f0000 | 0x012f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001300000 | 0x01300000 | 0x01300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001310000 | 0x01310000 | 0x01310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001320000 | 0x01320000 | 0x01320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001330000 | 0x01330000 | 0x01330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001340000 | 0x01340000 | 0x01340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001350000 | 0x01350000 | 0x01350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001360000 | 0x01360000 | 0x01360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001370000 | 0x01370000 | 0x01370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001380000 | 0x01380000 | 0x01380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001390000 | 0x01390000 | 0x01390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013a0000 | 0x013a0000 | 0x013a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013b0000 | 0x013b0000 | 0x013b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013c0000 | 0x013c0000 | 0x013c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013d0000 | 0x013d0000 | 0x013d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013e0000 | 0x013e0000 | 0x013e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007fd18000 | 0x7fd18000 | 0x7fd18fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000c584f80000 | 0xc584f80000 | 0xc584f9ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000c584fa0000 | 0xc584fa0000 | 0xc584fb3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000c584fc0000 | 0xc584fc0000 | 0xc5850bffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000c5850c0000 | 0xc5850c0000 | 0xc5850c3fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000c5850d0000 | 0xc5850d0000 | 0xc5850d0fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000c5850e0000 | 0xc5850e0000 | 0xc5850e1fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ffd80000 | 0x7df5ffd80000 | 0x7ff5ffd7ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fcc40000 | 0x7ff7fcc40000 | 0x7ff7fcc62fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fcc69000 | 0x7ff7fcc69000 | 0x7ff7fcc69fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fcc6e000 | 0x7ff7fcc6e000 | 0x7ff7fcc6ffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0xf80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0xf90000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0xfa0000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0xfb0000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0xfc0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0xfd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0xfe0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0xff0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1000000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1010000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1020000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1030000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1040000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1050000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1060000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1070000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1080000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1090000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x10a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x10b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x10c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x10d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x10e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x10f0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1100000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1110000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1120000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1130000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1140000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1150000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1160000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1170000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1180000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1190000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x11a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x11b0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x11c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x11d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x11e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x11f0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1200000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1210000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1230000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1240000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1250000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1260000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1270000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1280000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1290000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x12b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x12c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x12d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x12f0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1300000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1310000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1320000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1330000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1340000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1350000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1360000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1370000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1380000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x1390000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x13a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x13b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x13c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x13d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd70 | address = 0x13e0000, size = 142 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #76 / 0xc5c |
| OS Parent PID | 0xd74 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:02:11, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:24 |
| OS Thread IDs | #528 0x5F0 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000fc0000 | 0x00fc0000 | 0x00fc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fd0000 | 0x00fd0000 | 0x00fd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000fe0000 | 0x00fe0000 | 0x00fe0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ff0000 | 0x00ff0000 | 0x00ff0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001000000 | 0x01000000 | 0x01000fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001010000 | 0x01010000 | 0x01010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001020000 | 0x01020000 | 0x01020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001030000 | 0x01030000 | 0x01030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001040000 | 0x01040000 | 0x01040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001050000 | 0x01050000 | 0x01050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001060000 | 0x01060000 | 0x01060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001070000 | 0x01070000 | 0x01070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001080000 | 0x01080000 | 0x01080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001090000 | 0x01090000 | 0x01090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010a0000 | 0x010a0000 | 0x010a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010b0000 | 0x010b0000 | 0x010b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010c0000 | 0x010c0000 | 0x010c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010d0000 | 0x010d0000 | 0x010d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010e0000 | 0x010e0000 | 0x010e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000010f0000 | 0x010f0000 | 0x010f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001100000 | 0x01100000 | 0x01100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001110000 | 0x01110000 | 0x01110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001120000 | 0x01120000 | 0x01120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001130000 | 0x01130000 | 0x01130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001140000 | 0x01140000 | 0x01140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001150000 | 0x01150000 | 0x01150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001160000 | 0x01160000 | 0x01160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001170000 | 0x01170000 | 0x01170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001180000 | 0x01180000 | 0x01180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001190000 | 0x01190000 | 0x01190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011a0000 | 0x011a0000 | 0x011a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011b0000 | 0x011b0000 | 0x011b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011c0000 | 0x011c0000 | 0x011c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011d0000 | 0x011d0000 | 0x011d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011e0000 | 0x011e0000 | 0x011e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000011f0000 | 0x011f0000 | 0x011f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001200000 | 0x01200000 | 0x01200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001210000 | 0x01210000 | 0x01210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001220000 | 0x01220000 | 0x01220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001230000 | 0x01230000 | 0x01230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001240000 | 0x01240000 | 0x01240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001250000 | 0x01250000 | 0x01250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001260000 | 0x01260000 | 0x01260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001270000 | 0x01270000 | 0x01270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001280000 | 0x01280000 | 0x01280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001290000 | 0x01290000 | 0x01290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012a0000 | 0x012a0000 | 0x012a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012b0000 | 0x012b0000 | 0x012b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012c0000 | 0x012c0000 | 0x012c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012d0000 | 0x012d0000 | 0x012d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012e0000 | 0x012e0000 | 0x012e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000012f0000 | 0x012f0000 | 0x012f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001300000 | 0x01300000 | 0x01300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001310000 | 0x01310000 | 0x01310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001320000 | 0x01320000 | 0x01320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001330000 | 0x01330000 | 0x01330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001340000 | 0x01340000 | 0x01340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001350000 | 0x01350000 | 0x01350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001360000 | 0x01360000 | 0x01360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001370000 | 0x01370000 | 0x01370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001380000 | 0x01380000 | 0x01380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000001390000 | 0x01390000 | 0x01390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013a0000 | 0x013a0000 | 0x013a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013b0000 | 0x013b0000 | 0x013b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013c0000 | 0x013c0000 | 0x013c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013d0000 | 0x013d0000 | 0x013d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000013e0000 | 0x013e0000 | 0x013e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f0f3000 | 0x7f0f3000 | 0x7f0f3fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x00000018b2fc0000 | 0x18b2fc0000 | 0x18b2fdffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000018b2fe0000 | 0x18b2fe0000 | 0x18b2ff3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000018b3000000 | 0x18b3000000 | 0x18b30fffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000018b3100000 | 0x18b3100000 | 0x18b3103fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x00000018b3110000 | 0x18b3110000 | 0x18b3110fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000018b3120000 | 0x18b3120000 | 0x18b3121fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff3a0000 | 0x7df5ff3a0000 | 0x7ff5ff39ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fd490000 | 0x7ff7fd490000 | 0x7ff7fd4b2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fd4b3000 | 0x7ff7fd4b3000 | 0x7ff7fd4b3fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fd4be000 | 0x7ff7fd4be000 | 0x7ff7fd4bffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0xfc0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0xfd0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0xfe0000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0xff0000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1000000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1010000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1020000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1030000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1040000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1050000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1060000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1070000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1080000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1090000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x10a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x10b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x10c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x10d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x10e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x10f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1100000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1110000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1130000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1140000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1150000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1170000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1180000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1190000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x11a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x11b0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x11c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x11d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x11e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x11f0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1200000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1210000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1220000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1230000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1240000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1250000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1270000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1280000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1290000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x12a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x12b0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x12c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x12e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x12f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1310000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1320000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1330000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1340000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1350000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1360000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1370000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1380000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x1390000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x13a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x13b0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x13c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x13d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xd48 | address = 0x13e0000, size = 142 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #77 / 0x980 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:02:11, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:24 |
| OS Thread IDs | #529 0x11A0 #530 0xD20 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x980 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1148, os_pid = 0x1150, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x1150, proc_address = 0xaa0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 19 | | 1 | |
| MEM | ALLOC | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1150, proc_address = 0xae0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1150, proc_address = 0xb20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1150, proc_address = 0xb60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1150, proc_address = 0xba0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1150, proc_address = 0xbe0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1150, proc_address = 0xc20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1150, proc_address = 0xc60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1150, proc_address = 0xca0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1150, proc_address = 0xce0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1150, proc_address = 0xd20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1150, proc_address = 0xd60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1150, proc_address = 0xda0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1150, size = 13 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #78 / 0x12f4 |
| OS Parent PID | 0xcf0 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:02:12, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:23 |
| OS Thread IDs | #531 0x12F8 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x00010fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000040000 | 0x00040000 | 0x00040fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000050000 | 0x00050000 | 0x00050fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000060000 | 0x00060000 | 0x00060fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000070000 | 0x00070000 | 0x00070fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000080000 | 0x00080000 | 0x00080fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000090000 | 0x00090000 | 0x00090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000000a0000 | 0x000a0000 | 0x000a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000000b0000 | 0x000b0000 | 0x000b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000100000 | 0x00100000 | 0x00100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000110000 | 0x00110000 | 0x00110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000120000 | 0x00120000 | 0x00120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000130000 | 0x00130000 | 0x00130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000140000 | 0x00140000 | 0x00140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000150000 | 0x00150000 | 0x00150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000160000 | 0x00160000 | 0x00160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000170000 | 0x00170000 | 0x00170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000180000 | 0x00180000 | 0x00180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000190000 | 0x00190000 | 0x00190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000001a0000 | 0x001a0000 | 0x001a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000001c0000 | 0x001c0000 | 0x001c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000001d0000 | 0x001d0000 | 0x001d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000001e0000 | 0x001e0000 | 0x001e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000001f0000 | 0x001f0000 | 0x001f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000200000 | 0x00200000 | 0x00200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000210000 | 0x00210000 | 0x00210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000220000 | 0x00220000 | 0x00220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000230000 | 0x00230000 | 0x00230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000240000 | 0x00240000 | 0x00240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000250000 | 0x00250000 | 0x00250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000260000 | 0x00260000 | 0x00260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000270000 | 0x00270000 | 0x00270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000280000 | 0x00280000 | 0x00280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000290000 | 0x00290000 | 0x00290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002a0000 | 0x002a0000 | 0x002a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002b0000 | 0x002b0000 | 0x002b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002c0000 | 0x002c0000 | 0x002c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002d0000 | 0x002d0000 | 0x002d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002e0000 | 0x002e0000 | 0x002e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002f0000 | 0x002f0000 | 0x002f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000300000 | 0x00300000 | 0x00300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000310000 | 0x00310000 | 0x00310fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000320000 | 0x00320000 | 0x00320fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000330000 | 0x00330000 | 0x00330fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000340000 | 0x00340000 | 0x00340fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000350000 | 0x00350000 | 0x00350fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000360000 | 0x00360000 | 0x00360fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000370000 | 0x00370000 | 0x00370fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000380000 | 0x00380000 | 0x00380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000390000 | 0x00390000 | 0x00390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003a0000 | 0x003a0000 | 0x003a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003b0000 | 0x003b0000 | 0x003b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003c0000 | 0x003c0000 | 0x003c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003d0000 | 0x003d0000 | 0x003d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003e0000 | 0x003e0000 | 0x003e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003f0000 | 0x003f0000 | 0x003f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000400000 | 0x00400000 | 0x00400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000410000 | 0x00410000 | 0x00410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000420000 | 0x00420000 | 0x00420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000430000 | 0x00430000 | 0x00430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000440000 | 0x00440000 | 0x00440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000450000 | 0x00450000 | 0x00450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007fd58000 | 0x7fd58000 | 0x7fd58fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x0000002cac000000 | 0x2cac000000 | 0x2cac01ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000002cac020000 | 0x2cac020000 | 0x2cac033fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000002cac040000 | 0x2cac040000 | 0x2cac13ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000002cac140000 | 0x2cac140000 | 0x2cac143fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000002cac150000 | 0x2cac150000 | 0x2cac150fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000002cac160000 | 0x2cac160000 | 0x2cac161fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff710000 | 0x7df5ff710000 | 0x7ff5ff70ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fc890000 | 0x7ff7fc890000 | 0x7ff7fc8b2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fc8bd000 | 0x7ff7fc8bd000 | 0x7ff7fc8bdfff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fc8be000 | 0x7ff7fc8be000 | 0x7ff7fc8bffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x20000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x30000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x40000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x70000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x80000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x90000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0xa0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0xb0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0xc0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0xd0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0xe0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0xf0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x100000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x110000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x120000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x130000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x140000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x150000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x160000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x170000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x180000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x190000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x1a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x1b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x1c0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x1d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x1e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x1f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x200000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x210000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x220000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x230000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x240000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x250000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x260000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x270000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x280000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x290000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x2a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x2b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x2c0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x2d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x2e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x2f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x300000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x310000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x320000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x330000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x340000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x350000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x360000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x370000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x380000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x390000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x3a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x3b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x3c0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x3d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x3e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x3f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x400000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x410000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x420000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x430000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1184 | address = 0x440000, size = 13 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #79 / 0x750 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:02:13, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:22 |
| OS Thread IDs | #532 0x1EC #533 0x114C |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x750 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0xd6c, os_pid = 0x11d0, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0x380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x380000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x390000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x3a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x11d0, proc_address = 0x3a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x3b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x3c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x3d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x3e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d0, proc_address = 0x3e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x3f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x3f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x400000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x420000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d0, proc_address = 0x420000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x430000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x440000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x450000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x460000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d0, proc_address = 0x460000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x470000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x480000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x490000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x4a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d0, proc_address = 0x4a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x4b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x4c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x4d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x4e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d0, proc_address = 0x4e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x4f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d0, proc_address = 0x520000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d0, proc_address = 0x560000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x5a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d0, proc_address = 0x5a0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x5b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x5c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x5d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x5e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d0, proc_address = 0x5e0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x5f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x11d0, proc_address = 0x620000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x11d0, size = 13 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #80 / 0x115c |
| OS Parent PID | 0x1190 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:02:13, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:22 |
| OS Thread IDs | #534 0x11C4 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000740000 | 0x00740000 | 0x00740fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000750000 | 0x00750000 | 0x00750fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000760000 | 0x00760000 | 0x00760fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000770000 | 0x00770000 | 0x00770fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000780000 | 0x00780000 | 0x00780fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000790000 | 0x00790000 | 0x00790fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007a0000 | 0x007a0000 | 0x007a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007b0000 | 0x007b0000 | 0x007b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007c0000 | 0x007c0000 | 0x007c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007d0000 | 0x007d0000 | 0x007d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007e0000 | 0x007e0000 | 0x007e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000007f0000 | 0x007f0000 | 0x007f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000800000 | 0x00800000 | 0x00800fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000810000 | 0x00810000 | 0x00810fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000820000 | 0x00820000 | 0x00820fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000830000 | 0x00830000 | 0x00830fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000840000 | 0x00840000 | 0x00840fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000850000 | 0x00850000 | 0x00850fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000860000 | 0x00860000 | 0x00860fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000870000 | 0x00870000 | 0x00870fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000880000 | 0x00880000 | 0x00880fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000890000 | 0x00890000 | 0x00890fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008a0000 | 0x008a0000 | 0x008a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008b0000 | 0x008b0000 | 0x008b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008c0000 | 0x008c0000 | 0x008c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008d0000 | 0x008d0000 | 0x008d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008e0000 | 0x008e0000 | 0x008e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008f0000 | 0x008f0000 | 0x008f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000900000 | 0x00900000 | 0x00900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000910000 | 0x00910000 | 0x00910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000920000 | 0x00920000 | 0x00920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000930000 | 0x00930000 | 0x00930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000940000 | 0x00940000 | 0x00940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000950000 | 0x00950000 | 0x00950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000960000 | 0x00960000 | 0x00960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000970000 | 0x00970000 | 0x00970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000980000 | 0x00980000 | 0x00980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000990000 | 0x00990000 | 0x00990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009a0000 | 0x009a0000 | 0x009a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009b0000 | 0x009b0000 | 0x009b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009c0000 | 0x009c0000 | 0x009c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009d0000 | 0x009d0000 | 0x009d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009e0000 | 0x009e0000 | 0x009e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009f0000 | 0x009f0000 | 0x009f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a00000 | 0x00a00000 | 0x00a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a10000 | 0x00a10000 | 0x00a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a20000 | 0x00a20000 | 0x00a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a30000 | 0x00a30000 | 0x00a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a40000 | 0x00a40000 | 0x00a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a50000 | 0x00a50000 | 0x00a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a60000 | 0x00a60000 | 0x00a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a70000 | 0x00a70000 | 0x00a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a80000 | 0x00a80000 | 0x00a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a90000 | 0x00a90000 | 0x00a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000aa0000 | 0x00aa0000 | 0x00aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ab0000 | 0x00ab0000 | 0x00ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ac0000 | 0x00ac0000 | 0x00ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ad0000 | 0x00ad0000 | 0x00ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ae0000 | 0x00ae0000 | 0x00ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000af0000 | 0x00af0000 | 0x00af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b00000 | 0x00b00000 | 0x00b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b10000 | 0x00b10000 | 0x00b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b20000 | 0x00b20000 | 0x00b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b30000 | 0x00b30000 | 0x00b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b40000 | 0x00b40000 | 0x00b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b50000 | 0x00b50000 | 0x00b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b60000 | 0x00b60000 | 0x00b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f387000 | 0x7f387000 | 0x7f387fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000b62e740000 | 0xb62e740000 | 0xb62e75ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000b62e760000 | 0xb62e760000 | 0xb62e773fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000b62e780000 | 0xb62e780000 | 0xb62e87ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000b62e880000 | 0xb62e880000 | 0xb62e883fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000b62e890000 | 0xb62e890000 | 0xb62e890fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000b62e8a0000 | 0xb62e8a0000 | 0xb62e8a1fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5fff60000 | 0x7df5fff60000 | 0x7ff5fff5ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fc6b0000 | 0x7ff7fc6b0000 | 0x7ff7fc6d2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fc6dd000 | 0x7ff7fc6dd000 | 0x7ff7fc6defff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fc6df000 | 0x7ff7fc6df000 | 0x7ff7fc6dffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x740000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x750000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x760000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x770000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x780000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x790000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x7a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x7b0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x7c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x7d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x7e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x7f0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x800000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x810000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x820000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x830000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x840000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x850000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x860000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x870000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x880000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x890000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x8a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x8b0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x8c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x8d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x8e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x900000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x910000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x920000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x930000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x940000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x950000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x960000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x970000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x980000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x990000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x9a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x9b0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x9c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x9d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x9e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0x9f0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0xa00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0xa10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0xa20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0xa30000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0xa40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0xa50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0xa60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0xa70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0xa80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0xa90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0xaa0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0xab0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0xac0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0xad0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0xaf0000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0xb00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0xb20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0xb30000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0xb40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0xb50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1208 | address = 0xb60000, size = 142 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #81 / 0x1154 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:02:14, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:21 |
| OS Thread IDs | #535 0xCEC #536 0x1158 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x1154 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x480, os_pid = 0x4b4, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0x4b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x4c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x4d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x4b4, proc_address = 0x4d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x4e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x4f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x4f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x500000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x510000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x4b4, proc_address = 0x510000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x520000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x530000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x540000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x550000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x4b4, proc_address = 0x550000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x560000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x570000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x580000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x590000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x4b4, proc_address = 0x590000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x5a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x5b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x5c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x5d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x4b4, proc_address = 0x5d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x5e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x5f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x5f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x600000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x610000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x4b4, proc_address = 0x610000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x620000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x4b4, proc_address = 0x650000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x4b4, proc_address = 0x690000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x4b4, proc_address = 0x6d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x4b4, proc_address = 0x710000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x740000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x4b4, size = 20 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #82 / 0x1150 |
| OS Parent PID | 0x980 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:02:15, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:20 |
| OS Thread IDs | #537 0x1148 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000a80000 | 0x00a80000 | 0x00a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a90000 | 0x00a90000 | 0x00a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000aa0000 | 0x00aa0000 | 0x00aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ab0000 | 0x00ab0000 | 0x00ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ac0000 | 0x00ac0000 | 0x00ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ad0000 | 0x00ad0000 | 0x00ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ae0000 | 0x00ae0000 | 0x00ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000af0000 | 0x00af0000 | 0x00af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b00000 | 0x00b00000 | 0x00b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b10000 | 0x00b10000 | 0x00b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b20000 | 0x00b20000 | 0x00b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b30000 | 0x00b30000 | 0x00b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b40000 | 0x00b40000 | 0x00b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b50000 | 0x00b50000 | 0x00b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b60000 | 0x00b60000 | 0x00b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b70000 | 0x00b70000 | 0x00b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b80000 | 0x00b80000 | 0x00b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b90000 | 0x00b90000 | 0x00b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ba0000 | 0x00ba0000 | 0x00ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bb0000 | 0x00bb0000 | 0x00bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bc0000 | 0x00bc0000 | 0x00bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bd0000 | 0x00bd0000 | 0x00bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000be0000 | 0x00be0000 | 0x00be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bf0000 | 0x00bf0000 | 0x00bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c00000 | 0x00c00000 | 0x00c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c10000 | 0x00c10000 | 0x00c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c20000 | 0x00c20000 | 0x00c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c30000 | 0x00c30000 | 0x00c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c40000 | 0x00c40000 | 0x00c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c50000 | 0x00c50000 | 0x00c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c60000 | 0x00c60000 | 0x00c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c70000 | 0x00c70000 | 0x00c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c80000 | 0x00c80000 | 0x00c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c90000 | 0x00c90000 | 0x00c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ca0000 | 0x00ca0000 | 0x00ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cb0000 | 0x00cb0000 | 0x00cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cc0000 | 0x00cc0000 | 0x00cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cd0000 | 0x00cd0000 | 0x00cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ce0000 | 0x00ce0000 | 0x00ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cf0000 | 0x00cf0000 | 0x00cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d00000 | 0x00d00000 | 0x00d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d10000 | 0x00d10000 | 0x00d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d20000 | 0x00d20000 | 0x00d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d30000 | 0x00d30000 | 0x00d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d40000 | 0x00d40000 | 0x00d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d50000 | 0x00d50000 | 0x00d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d60000 | 0x00d60000 | 0x00d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d70000 | 0x00d70000 | 0x00d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d80000 | 0x00d80000 | 0x00d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d90000 | 0x00d90000 | 0x00d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000da0000 | 0x00da0000 | 0x00da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000db0000 | 0x00db0000 | 0x00db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f235000 | 0x7f235000 | 0x7f235fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000fd60a80000 | 0xfd60a80000 | 0xfd60a9ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000fd60aa0000 | 0xfd60aa0000 | 0xfd60ab3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000fd60ac0000 | 0xfd60ac0000 | 0xfd60bbffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000fd60bc0000 | 0xfd60bc0000 | 0xfd60bc3fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000fd60bd0000 | 0xfd60bd0000 | 0xfd60bd0fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000fd60be0000 | 0xfd60be0000 | 0xfd60be1fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ffed0000 | 0x7df5ffed0000 | 0x7ff5ffecffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fd1c0000 | 0x7ff7fd1c0000 | 0x7ff7fd1e2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fd1e9000 | 0x7ff7fd1e9000 | 0x7ff7fd1e9fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fd1ee000 | 0x7ff7fd1ee000 | 0x7ff7fd1effff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xa80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xa90000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xaa0000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xab0000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xac0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xad0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xae0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xaf0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xb00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xb10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xb20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xb30000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xb40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xb50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xb60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xb70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xb80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xb90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xba0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xbb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xbc0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xbd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xbe0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xbf0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xc00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xc10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xc20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xc30000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xc40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xc50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xc60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xc70000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xc80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xc90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xca0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xcb0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xcc0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xcd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xce0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xcf0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xd00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xd10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xd20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xd30000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xd40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xd50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xd60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xd70000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xd80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xd90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xda0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x11a0 | address = 0xdb0000, size = 13 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #83 / 0x56c |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:02:16, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:19 |
| OS Thread IDs | #538 0x66C #539 0x1204 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x56c | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x880, os_pid = 0x21c, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x21c, proc_address = 0x900000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x21c, proc_address = 0x940000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x21c, proc_address = 0x980000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x21c, proc_address = 0x9c0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x21c, proc_address = 0xa00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x21c, proc_address = 0xa40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x21c, proc_address = 0xa80000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x21c, proc_address = 0xac0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x21c, proc_address = 0xb00000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x21c, proc_address = 0xb40000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x21c, size = 16 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #84 / 0x11d0 |
| OS Parent PID | 0x750 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:02:16, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:19 |
| OS Thread IDs | #540 0xD6C |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000380000 | 0x00380000 | 0x00380fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000390000 | 0x00390000 | 0x00390fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003a0000 | 0x003a0000 | 0x003a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003b0000 | 0x003b0000 | 0x003b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003c0000 | 0x003c0000 | 0x003c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003d0000 | 0x003d0000 | 0x003d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003e0000 | 0x003e0000 | 0x003e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000003f0000 | 0x003f0000 | 0x003f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000400000 | 0x00400000 | 0x00400fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000410000 | 0x00410000 | 0x00410fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000420000 | 0x00420000 | 0x00420fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000430000 | 0x00430000 | 0x00430fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000440000 | 0x00440000 | 0x00440fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000450000 | 0x00450000 | 0x00450fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000460000 | 0x00460000 | 0x00460fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000470000 | 0x00470000 | 0x00470fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000480000 | 0x00480000 | 0x00480fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000490000 | 0x00490000 | 0x00490fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004a0000 | 0x004a0000 | 0x004a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004b0000 | 0x004b0000 | 0x004b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004c0000 | 0x004c0000 | 0x004c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004d0000 | 0x004d0000 | 0x004d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004e0000 | 0x004e0000 | 0x004e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004f0000 | 0x004f0000 | 0x004f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000500000 | 0x00500000 | 0x00500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000510000 | 0x00510000 | 0x00510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000520000 | 0x00520000 | 0x00520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000530000 | 0x00530000 | 0x00530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000540000 | 0x00540000 | 0x00540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000550000 | 0x00550000 | 0x00550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000560000 | 0x00560000 | 0x00560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000570000 | 0x00570000 | 0x00570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000580000 | 0x00580000 | 0x00580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000590000 | 0x00590000 | 0x00590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005a0000 | 0x005a0000 | 0x005a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005b0000 | 0x005b0000 | 0x005b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005c0000 | 0x005c0000 | 0x005c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005d0000 | 0x005d0000 | 0x005d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005e0000 | 0x005e0000 | 0x005e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005f0000 | 0x005f0000 | 0x005f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000600000 | 0x00600000 | 0x00600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000610000 | 0x00610000 | 0x00610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000620000 | 0x00620000 | 0x00620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000630000 | 0x00630000 | 0x00630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f35a000 | 0x7f35a000 | 0x7f35afff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000c91d380000 | 0xc91d380000 | 0xc91d39ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000c91d3a0000 | 0xc91d3a0000 | 0xc91d3b3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000c91d3c0000 | 0xc91d3c0000 | 0xc91d4bffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000c91d4c0000 | 0xc91d4c0000 | 0xc91d4c3fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000c91d4d0000 | 0xc91d4d0000 | 0xc91d4d0fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000c91d4e0000 | 0xc91d4e0000 | 0xc91d4e1fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ffcf0000 | 0x7df5ffcf0000 | 0x7ff5ffceffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fccd0000 | 0x7ff7fccd0000 | 0x7ff7fccf2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fccfd000 | 0x7ff7fccfd000 | 0x7ff7fccfefff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fccff000 | 0x7ff7fccff000 | 0x7ff7fccfffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x380000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x390000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x3a0000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x3b0000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x3c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x3d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x3e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x3f0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x400000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x410000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x420000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x430000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x440000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x450000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x460000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x470000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x480000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x490000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x4a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x4b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x4c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x4d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x4e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x4f0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x500000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x510000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x520000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x530000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x540000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x550000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x560000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x570000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x580000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x590000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x5a0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x5b0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x5c0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x5d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x5e0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x5f0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x600000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x610000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x620000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1ec | address = 0x630000, size = 15 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #85 / 0xd50 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:02:18, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:17 |
| OS Thread IDs | #542 0x824 #543 0x90C |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0xd50 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x878, os_pid = 0xb7c, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0xb7c, proc_address = 0xaa0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xab0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 19 | | 1 | |
| MEM | ALLOC | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xac0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xad0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xae0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xb7c, proc_address = 0xae0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xaf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xb7c, proc_address = 0xb20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xb7c, proc_address = 0xb60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xba0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xb7c, proc_address = 0xba0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xb7c, proc_address = 0xbe0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xbf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xb7c, proc_address = 0xc20000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xb7c, proc_address = 0xc60000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xb7c, proc_address = 0xca0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xb7c, proc_address = 0xce0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb7c, size = 142 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #86 / 0x4b4 |
| OS Parent PID | 0x1154 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:02:19, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:16 |
| OS Thread IDs | #544 0x480 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x00000000004b0000 | 0x004b0000 | 0x004b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004c0000 | 0x004c0000 | 0x004c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004d0000 | 0x004d0000 | 0x004d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004e0000 | 0x004e0000 | 0x004e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000004f0000 | 0x004f0000 | 0x004f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000500000 | 0x00500000 | 0x00500fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000510000 | 0x00510000 | 0x00510fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000520000 | 0x00520000 | 0x00520fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000530000 | 0x00530000 | 0x00530fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000540000 | 0x00540000 | 0x00540fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000550000 | 0x00550000 | 0x00550fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000560000 | 0x00560000 | 0x00560fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000570000 | 0x00570000 | 0x00570fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000580000 | 0x00580000 | 0x00580fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000590000 | 0x00590000 | 0x00590fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005a0000 | 0x005a0000 | 0x005a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005b0000 | 0x005b0000 | 0x005b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005c0000 | 0x005c0000 | 0x005c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005d0000 | 0x005d0000 | 0x005d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005e0000 | 0x005e0000 | 0x005e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000005f0000 | 0x005f0000 | 0x005f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000600000 | 0x00600000 | 0x00600fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000610000 | 0x00610000 | 0x00610fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000620000 | 0x00620000 | 0x00620fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000630000 | 0x00630000 | 0x00630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000640000 | 0x00640000 | 0x00640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000650000 | 0x00650000 | 0x00650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000660000 | 0x00660000 | 0x00660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000670000 | 0x00670000 | 0x00670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000680000 | 0x00680000 | 0x00680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000690000 | 0x00690000 | 0x00690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006a0000 | 0x006a0000 | 0x006a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006b0000 | 0x006b0000 | 0x006b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006c0000 | 0x006c0000 | 0x006c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006d0000 | 0x006d0000 | 0x006d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006e0000 | 0x006e0000 | 0x006e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006f0000 | 0x006f0000 | 0x006f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000700000 | 0x00700000 | 0x00700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000710000 | 0x00710000 | 0x00710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000720000 | 0x00720000 | 0x00720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000730000 | 0x00730000 | 0x00730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007fa5a000 | 0x7fa5a000 | 0x7fa5afff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x00000023734b0000 | 0x23734b0000 | 0x23734cffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000023734d0000 | 0x23734d0000 | 0x23734e3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000023734f0000 | 0x23734f0000 | 0x23735effff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000023735f0000 | 0x23735f0000 | 0x23735f3fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000002373600000 | 0x2373600000 | 0x2373600fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000002373610000 | 0x2373610000 | 0x2373611fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff190000 | 0x7df5ff190000 | 0x7ff5ff18ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fc840000 | 0x7ff7fc840000 | 0x7ff7fc862fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fc86a000 | 0x7ff7fc86a000 | 0x7ff7fc86afff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fc86e000 | 0x7ff7fc86e000 | 0x7ff7fc86ffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x4b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x4c0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x4d0000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x4e0000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x4f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x500000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x510000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x520000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x530000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x540000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x550000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x560000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x570000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x580000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x590000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x5a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x5b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x5c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x5d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x5e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x5f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x600000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x610000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x620000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x630000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x640000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x650000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x660000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x670000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x680000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x690000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x6a0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x6b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x6c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x6d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x6e0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x6f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x700000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x710000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x720000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xcec | address = 0x730000, size = 13 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #87 / 0x704 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:02:19, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:16 |
| OS Thread IDs | #545 0x1FC #546 0xA64 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x704 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x79c, os_pid = 0x1f4, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x1f4, proc_address = 0xc70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 19 | | 1 | |
| MEM | ALLOC | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xca0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1f4, proc_address = 0xcb0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xce0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xcf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1f4, proc_address = 0xcf0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1f4, proc_address = 0xd30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1f4, proc_address = 0xd70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1f4, proc_address = 0xdb0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 9 | | 1 | |
| MEM | ALLOC | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1f4, proc_address = 0xdf0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 10 | | 1 | |
| MEM | ALLOC | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1f4, proc_address = 0xe30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 15 | | 1 | |
| MEM | ALLOC | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1f4, proc_address = 0xe70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 16 | | 1 | |
| MEM | ALLOC | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f4, size = 13 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #88 / 0x21c |
| OS Parent PID | 0x56c (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:02:20, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:15 |
| OS Thread IDs | #547 0x880 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x00000000008e0000 | 0x008e0000 | 0x008e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008f0000 | 0x008f0000 | 0x008f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000900000 | 0x00900000 | 0x00900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000910000 | 0x00910000 | 0x00910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000920000 | 0x00920000 | 0x00920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000930000 | 0x00930000 | 0x00930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000940000 | 0x00940000 | 0x00940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000950000 | 0x00950000 | 0x00950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000960000 | 0x00960000 | 0x00960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000970000 | 0x00970000 | 0x00970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000980000 | 0x00980000 | 0x00980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000990000 | 0x00990000 | 0x00990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009a0000 | 0x009a0000 | 0x009a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009b0000 | 0x009b0000 | 0x009b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009c0000 | 0x009c0000 | 0x009c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009d0000 | 0x009d0000 | 0x009d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009e0000 | 0x009e0000 | 0x009e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009f0000 | 0x009f0000 | 0x009f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a00000 | 0x00a00000 | 0x00a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a10000 | 0x00a10000 | 0x00a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a20000 | 0x00a20000 | 0x00a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a30000 | 0x00a30000 | 0x00a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a40000 | 0x00a40000 | 0x00a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a50000 | 0x00a50000 | 0x00a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a60000 | 0x00a60000 | 0x00a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a70000 | 0x00a70000 | 0x00a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a80000 | 0x00a80000 | 0x00a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a90000 | 0x00a90000 | 0x00a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000aa0000 | 0x00aa0000 | 0x00aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ab0000 | 0x00ab0000 | 0x00ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ac0000 | 0x00ac0000 | 0x00ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ad0000 | 0x00ad0000 | 0x00ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ae0000 | 0x00ae0000 | 0x00ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000af0000 | 0x00af0000 | 0x00af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b00000 | 0x00b00000 | 0x00b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b10000 | 0x00b10000 | 0x00b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b20000 | 0x00b20000 | 0x00b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b30000 | 0x00b30000 | 0x00b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b40000 | 0x00b40000 | 0x00b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f89f000 | 0x7f89f000 | 0x7f89ffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x0000008f1e8e0000 | 0x8f1e8e0000 | 0x8f1e8fffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000008f1e900000 | 0x8f1e900000 | 0x8f1e913fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000008f1e920000 | 0x8f1e920000 | 0x8f1ea1ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000008f1ea20000 | 0x8f1ea20000 | 0x8f1ea23fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000008f1ea30000 | 0x8f1ea30000 | 0x8f1ea30fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000008f1ea40000 | 0x8f1ea40000 | 0x8f1ea41fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5fff20000 | 0x7df5fff20000 | 0x7ff5fff1ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fc580000 | 0x7ff7fc580000 | 0x7ff7fc5a2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fc5ac000 | 0x7ff7fc5ac000 | 0x7ff7fc5adfff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fc5ae000 | 0x7ff7fc5ae000 | 0x7ff7fc5aefff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0x8e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0x8f0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0x900000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0x910000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0x920000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0x930000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0x940000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0x950000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0x960000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0x970000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0x980000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0x990000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0x9a0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0x9b0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0x9c0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0x9d0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0x9e0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0x9f0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0xa00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0xa10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0xa20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0xa30000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0xa40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0xa50000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0xa60000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0xa70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0xa90000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0xab0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | No corresponding api call detected. Probably injected code via shellcode. | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0xad0000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0xae0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0xb00000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0xb10000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0xb20000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | address = 0xb40000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x66c | No corresponding api call detected. Probably injected code via shellcode. | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #89 / 0x8e0 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:02:21, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:14 |
| OS Thread IDs | #548 0xA78 #549 0x938 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x8e0 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x2d4, os_pid = 0xb5c, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0x90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0xb5c, proc_address = 0xb0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 19 | | 1 | |
| MEM | ALLOC | address = 0xd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xb5c, proc_address = 0xf0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x100000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x110000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x120000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x130000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xb5c, proc_address = 0x130000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x140000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x150000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x160000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x170000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xb5c, proc_address = 0x170000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x180000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x190000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xb5c, proc_address = 0x1b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x1c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x1e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x1f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x1f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xb5c, proc_address = 0x1f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 9, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x200000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 9 | | 1 | |
| MEM | ALLOC | address = 0x210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x210000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x220000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x230000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xb5c, proc_address = 0x230000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x240000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 10 | | 1 | |
| MEM | ALLOC | address = 0x250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x250000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x260000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x270000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xb5c, proc_address = 0x270000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 15, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x280000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 15 | | 1 | |
| MEM | ALLOC | address = 0x290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x290000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x2a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x2b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xb5c, proc_address = 0x2b0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x2c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x2d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x2e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x2f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x2f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xb5c, proc_address = 0x2f0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 16, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x300000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 16 | | 1 | |
| MEM | ALLOC | address = 0x310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x310000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb5c, size = 13 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #90 / 0x8fc |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:02:21, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:14 |
| OS Thread IDs | #550 0x8B4 #551 0x890 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x8fc | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x454, os_pid = 0x8c4, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x8c4, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x8c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x8c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x8c4, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x8c4, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x8c4, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x8c4, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x8c4, proc_address = 0x8d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x8c4, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x8c4, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x8c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x8f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x8c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x8c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x900000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x8c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x8c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x910000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x8c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x8c4, proc_address = 0x910000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x8c4, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x920000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x8c4, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x8c4, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x8c4, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x8c4, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x8c4, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x8c4, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x8c4, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x8c4, proc_address = 0x950000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x8c4, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #91 / 0xb7c |
| OS Parent PID | 0xd50 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:02:22, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:13 |
| OS Thread IDs | #552 0x878 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000a80000 | 0x00a80000 | 0x00a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a90000 | 0x00a90000 | 0x00a90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000aa0000 | 0x00aa0000 | 0x00aa0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ab0000 | 0x00ab0000 | 0x00ab0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ac0000 | 0x00ac0000 | 0x00ac0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ad0000 | 0x00ad0000 | 0x00ad0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ae0000 | 0x00ae0000 | 0x00ae0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000af0000 | 0x00af0000 | 0x00af0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b00000 | 0x00b00000 | 0x00b00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b10000 | 0x00b10000 | 0x00b10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b20000 | 0x00b20000 | 0x00b20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b30000 | 0x00b30000 | 0x00b30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b40000 | 0x00b40000 | 0x00b40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b50000 | 0x00b50000 | 0x00b50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b60000 | 0x00b60000 | 0x00b60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b70000 | 0x00b70000 | 0x00b70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b80000 | 0x00b80000 | 0x00b80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000b90000 | 0x00b90000 | 0x00b90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ba0000 | 0x00ba0000 | 0x00ba0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bb0000 | 0x00bb0000 | 0x00bb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bc0000 | 0x00bc0000 | 0x00bc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bd0000 | 0x00bd0000 | 0x00bd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000be0000 | 0x00be0000 | 0x00be0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000bf0000 | 0x00bf0000 | 0x00bf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c00000 | 0x00c00000 | 0x00c00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c10000 | 0x00c10000 | 0x00c10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c20000 | 0x00c20000 | 0x00c20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c30000 | 0x00c30000 | 0x00c30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c40000 | 0x00c40000 | 0x00c40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c50000 | 0x00c50000 | 0x00c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c60000 | 0x00c60000 | 0x00c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c70000 | 0x00c70000 | 0x00c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c80000 | 0x00c80000 | 0x00c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c90000 | 0x00c90000 | 0x00c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ca0000 | 0x00ca0000 | 0x00ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cb0000 | 0x00cb0000 | 0x00cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cc0000 | 0x00cc0000 | 0x00cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cd0000 | 0x00cd0000 | 0x00cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ce0000 | 0x00ce0000 | 0x00ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cf0000 | 0x00cf0000 | 0x00cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d00000 | 0x00d00000 | 0x00d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d10000 | 0x00d10000 | 0x00d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d20000 | 0x00d20000 | 0x00d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f980000 | 0x7f980000 | 0x7f980fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x0000000a9fa80000 | 0xa9fa80000 | 0xa9fa9ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000a9faa0000 | 0xa9faa0000 | 0xa9fab3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000a9fac0000 | 0xa9fac0000 | 0xa9fbbffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000a9fbc0000 | 0xa9fbc0000 | 0xa9fbc3fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000a9fbd0000 | 0xa9fbd0000 | 0xa9fbd0fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000a9fbe0000 | 0xa9fbe0000 | 0xa9fbe1fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff880000 | 0x7df5ff880000 | 0x7ff5ff87ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fc800000 | 0x7ff7fc800000 | 0x7ff7fc822fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fc82d000 | 0x7ff7fc82d000 | 0x7ff7fc82dfff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fc82e000 | 0x7ff7fc82e000 | 0x7ff7fc82ffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xa80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xa90000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xaa0000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xab0000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xac0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xad0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xae0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xaf0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xb00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xb10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xb20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xb30000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xb40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xb50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xb60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xb70000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xb80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xb90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xba0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xbb0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xbc0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xbd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xbe0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xbf0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xc00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xc10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xc20000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xc30000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xc40000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xc50000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xc60000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xc70000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xc80000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xc90000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xca0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xcb0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xcc0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xcd0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xce0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xcf0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xd00000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xd10000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x824 | address = 0xd20000, size = 142 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #92 / 0xa7c |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:02:23, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:12 |
| OS Thread IDs | #553 0x514 #554 0x2B4 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0xa7c | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #93 / 0x1f4 |
| OS Parent PID | 0x704 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:02:24, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:11 |
| OS Thread IDs | #555 0x79C |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000c50000 | 0x00c50000 | 0x00c50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c60000 | 0x00c60000 | 0x00c60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c70000 | 0x00c70000 | 0x00c70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c80000 | 0x00c80000 | 0x00c80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000c90000 | 0x00c90000 | 0x00c90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ca0000 | 0x00ca0000 | 0x00ca0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cb0000 | 0x00cb0000 | 0x00cb0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cc0000 | 0x00cc0000 | 0x00cc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cd0000 | 0x00cd0000 | 0x00cd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000ce0000 | 0x00ce0000 | 0x00ce0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000cf0000 | 0x00cf0000 | 0x00cf0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d00000 | 0x00d00000 | 0x00d00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d10000 | 0x00d10000 | 0x00d10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d20000 | 0x00d20000 | 0x00d20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d30000 | 0x00d30000 | 0x00d30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d40000 | 0x00d40000 | 0x00d40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d50000 | 0x00d50000 | 0x00d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d60000 | 0x00d60000 | 0x00d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d70000 | 0x00d70000 | 0x00d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d80000 | 0x00d80000 | 0x00d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d90000 | 0x00d90000 | 0x00d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000da0000 | 0x00da0000 | 0x00da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000db0000 | 0x00db0000 | 0x00db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dc0000 | 0x00dc0000 | 0x00dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dd0000 | 0x00dd0000 | 0x00dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000de0000 | 0x00de0000 | 0x00de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000df0000 | 0x00df0000 | 0x00df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e00000 | 0x00e00000 | 0x00e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e10000 | 0x00e10000 | 0x00e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e20000 | 0x00e20000 | 0x00e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e30000 | 0x00e30000 | 0x00e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e40000 | 0x00e40000 | 0x00e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e50000 | 0x00e50000 | 0x00e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e60000 | 0x00e60000 | 0x00e60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e70000 | 0x00e70000 | 0x00e70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e80000 | 0x00e80000 | 0x00e80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e90000 | 0x00e90000 | 0x00e90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007fd70000 | 0x7fd70000 | 0x7fd70fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000d25dc50000 | 0xd25dc50000 | 0xd25dc6ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000d25dc70000 | 0xd25dc70000 | 0xd25dc83fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000d25dc90000 | 0xd25dc90000 | 0xd25dd8ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000d25dd90000 | 0xd25dd90000 | 0xd25dd93fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000d25dda0000 | 0xd25dda0000 | 0xd25dda0fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000d25ddb0000 | 0xd25ddb0000 | 0xd25ddb1fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ffb20000 | 0x7df5ffb20000 | 0x7ff5ffb1ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fc630000 | 0x7ff7fc630000 | 0x7ff7fc652fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fc654000 | 0x7ff7fc654000 | 0x7ff7fc654fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fc65e000 | 0x7ff7fc65e000 | 0x7ff7fc65ffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xc50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xc60000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xc70000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xc80000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xc90000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xca0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xcb0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xcc0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xcd0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xce0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xcf0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xd00000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xd10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xd20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xd30000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xd40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xd50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xd60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xd70000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xd80000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xd90000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xda0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xdb0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xdc0000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xdd0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xde0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xdf0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xe00000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xe10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xe20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xe30000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xe40000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xe50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xe60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xe70000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xe80000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x1fc | address = 0xe90000, size = 13 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #94 / 0xa54 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:02:24, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:11 |
| OS Thread IDs | #556 0xA18 #557 0x92C |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0xa54 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x6d8, os_pid = 0xb2c, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 12 | | 1 | |
| MEM | ALLOC | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0xb2c, proc_address = 0xd70000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 19 | | 1 | |
| MEM | ALLOC | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xd90000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xda0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdb0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xb2c, proc_address = 0xdb0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdc0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdd0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xde0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xdf0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xb2c, proc_address = 0xdf0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 21 | | 1 | |
| MEM | ALLOC | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0xb2c, proc_address = 0xe30000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xe60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0xb2c, size = 20 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #95 / 0xb5c |
| OS Parent PID | 0x8e0 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:02:25, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:10 |
| OS Thread IDs | #558 0x2D4 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000090000 | 0x00090000 | 0x00090fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000000a0000 | 0x000a0000 | 0x000a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000000b0000 | 0x000b0000 | 0x000b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000100000 | 0x00100000 | 0x00100fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000110000 | 0x00110000 | 0x00110fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000120000 | 0x00120000 | 0x00120fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000130000 | 0x00130000 | 0x00130fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000140000 | 0x00140000 | 0x00140fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000150000 | 0x00150000 | 0x00150fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000160000 | 0x00160000 | 0x00160fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000170000 | 0x00170000 | 0x00170fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000180000 | 0x00180000 | 0x00180fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000190000 | 0x00190000 | 0x00190fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000001a0000 | 0x001a0000 | 0x001a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000001c0000 | 0x001c0000 | 0x001c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000001d0000 | 0x001d0000 | 0x001d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000001e0000 | 0x001e0000 | 0x001e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000001f0000 | 0x001f0000 | 0x001f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000200000 | 0x00200000 | 0x00200fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000210000 | 0x00210000 | 0x00210fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000220000 | 0x00220000 | 0x00220fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000230000 | 0x00230000 | 0x00230fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000240000 | 0x00240000 | 0x00240fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000250000 | 0x00250000 | 0x00250fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000260000 | 0x00260000 | 0x00260fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000270000 | 0x00270000 | 0x00270fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000280000 | 0x00280000 | 0x00280fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000290000 | 0x00290000 | 0x00290fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002a0000 | 0x002a0000 | 0x002a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002b0000 | 0x002b0000 | 0x002b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002c0000 | 0x002c0000 | 0x002c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002d0000 | 0x002d0000 | 0x002d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002e0000 | 0x002e0000 | 0x002e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000002f0000 | 0x002f0000 | 0x002f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000300000 | 0x00300000 | 0x00300fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007febf000 | 0x7febf000 | 0x7febffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x00000017b5090000 | 0x17b5090000 | 0x17b50affff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000017b50b0000 | 0x17b50b0000 | 0x17b50c3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000017b50d0000 | 0x17b50d0000 | 0x17b51cffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000017b51d0000 | 0x17b51d0000 | 0x17b51d3fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x00000017b51e0000 | 0x17b51e0000 | 0x17b51e0fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000017b51f0000 | 0x17b51f0000 | 0x17b51f1fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ffee0000 | 0x7df5ffee0000 | 0x7ff5ffedffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fcac0000 | 0x7ff7fcac0000 | 0x7ff7fcae2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fcaea000 | 0x7ff7fcaea000 | 0x7ff7fcaeafff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fcaee000 | 0x7ff7fcaee000 | 0x7ff7fcaeffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x90000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0xa0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0xb0000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0xc0000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0xd0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0xe0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0xf0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x100000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x110000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x120000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x130000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x140000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x150000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x160000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x170000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x180000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x190000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x1a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x1b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x1c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x1d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x1e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x1f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x200000, size = 9 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x210000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x220000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x230000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x240000, size = 10 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x250000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x260000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x270000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x280000, size = 15 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x290000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x2a0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x2b0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x2c0000, size = 16 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x2d0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x2e0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x2f0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa78 | address = 0x300000, size = 16 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #96 / 0x218 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:02:26, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:09 |
| OS Thread IDs | #559 0x2E0 #560 0x894 |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Private Memory | Readable, Writable | | | | |
| private_0x00000000001c0000 | 0x001c0000 | 0x001fffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000200000 | 0x00200000 | 0x00200fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000220000 | 0x00220000 | 0x0022ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000260000 | 0x00260000 | 0x0026ffff | Private Memory | Readable, Writable | | | | |
| locale.nls | 0x00270000 | 0x0032dfff | Memory Mapped File | Readable | | | | |
| svhost.exe | 0x00400000 | 0x0057afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x0000000000580000 | 0x00580000 | 0x0067ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000680000 | 0x00680000 | 0x0077ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000780000 | 0x00780000 | 0x00907fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000910000 | 0x00910000 | 0x00a90fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000aa0000 | 0x00aa0000 | 0x01e9ffff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000001f70000 | 0x01f70000 | 0x0206ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000002070000 | 0x02070000 | 0x0216ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | - | | | | |
| wow64.dll | 0x53cc0000 | 0x53d0efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64cpu.dll | 0x53d10000 | 0x53d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64win.dll | 0x53d20000 | 0x53d92fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntmarta.dll | 0x74ca0000 | 0x74cc7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasman.dll | 0x74cd0000 | 0x74cf2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasapi32.dll | 0x74d00000 | 0x74da3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pstorec.dll | 0x74db0000 | 0x74db7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| apphelp.dll | 0x74dc0000 | 0x74e50fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bcryptprimitives.dll | 0x74e60000 | 0x74eb8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cryptbase.dll | 0x74ec0000 | 0x74ec9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sspicli.dll | 0x74ed0000 | 0x74eedfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcrt.dll | 0x74ef0000 | 0x74fadfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| advapi32.dll | 0x74fb0000 | 0x7502afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| oleaut32.dll | 0x75030000 | 0x750c1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| powrprof.dll | 0x75280000 | 0x752c3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| KernelBase.dll | 0x752e0000 | 0x75455fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| imm32.dll | 0x75460000 | 0x7548afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| combase.dll | 0x75490000 | 0x75649fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel32.dll | 0x75650000 | 0x7573ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| gdi32.dll | 0x75790000 | 0x758dcfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SHCore.dll | 0x75aa0000 | 0x75b2cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| crypt32.dll | 0x75bf0000 | 0x75d64fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| profapi.dll | 0x75d70000 | 0x75d7efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msasn1.dll | 0x75d80000 | 0x75d8dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msctf.dll | 0x75d90000 | 0x75eaffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sechost.dll | 0x75eb0000 | 0x75ef2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| user32.dll | 0x75f10000 | 0x7604ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel.appcore.dll | 0x76290000 | 0x7629bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shlwapi.dll | 0x762a0000 | 0x762e3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| windows.storage.dll | 0x76380000 | 0x7685cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rpcrt4.dll | 0x76860000 | 0x7690bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shell32.dll | 0x76910000 | 0x77ccefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ole32.dll | 0x77cd0000 | 0x77db9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x77dc0000 | 0x77f38fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffb1ddcffff | Private Memory | Readable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x00007ffb1df92000 | 0x7ffb1df92000 | 0x7ffffffeffff | Private Memory | Readable | | | | |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x218 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x948, os_pid = 0x6dc, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x930000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x940000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x950000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x6dc, proc_address = 0x950000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x960000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x970000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x980000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x990000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x6dc, proc_address = 0x990000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x6dc, proc_address = 0x9d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x9f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa00000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa10000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x6dc, proc_address = 0xa10000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa20000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa30000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa40000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa50000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x6dc, proc_address = 0xa50000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa60000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 20 | | 1 | |
| MEM | ALLOC | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa70000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 13 | | 1 | |
| MEM | ALLOC | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0xa80000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 20 | | 1 | |
| MEM | ALLOC | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x6dc, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #97 / 0x8c4 |
| OS Parent PID | 0x8fc (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:02:26, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:09 |
| OS Thread IDs | #561 0x454 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x00000000008b0000 | 0x008b0000 | 0x008b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008c0000 | 0x008c0000 | 0x008c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008d0000 | 0x008d0000 | 0x008d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008e0000 | 0x008e0000 | 0x008e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000008f0000 | 0x008f0000 | 0x008f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000900000 | 0x00900000 | 0x00900fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000910000 | 0x00910000 | 0x00910fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000920000 | 0x00920000 | 0x00920fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000930000 | 0x00930000 | 0x00930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000940000 | 0x00940000 | 0x00940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000950000 | 0x00950000 | 0x00950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f20d000 | 0x7f20d000 | 0x7f20dfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x00000091578b0000 | 0x91578b0000 | 0x91578cffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000091578d0000 | 0x91578d0000 | 0x91578e3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000091578f0000 | 0x91578f0000 | 0x91579effff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000091579f0000 | 0x91579f0000 | 0x91579f3fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000009157a00000 | 0x9157a00000 | 0x9157a00fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000009157a10000 | 0x9157a10000 | 0x9157a11fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff0c0000 | 0x7df5ff0c0000 | 0x7ff5ff0bffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fd130000 | 0x7ff7fd130000 | 0x7ff7fd152fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fd15a000 | 0x7ff7fd15a000 | 0x7ff7fd15afff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fd15e000 | 0x7ff7fd15e000 | 0x7ff7fd15ffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8b4 | address = 0x8b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8b4 | address = 0x8c0000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8b4 | address = 0x8d0000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8b4 | address = 0x8e0000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8b4 | address = 0x8f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8b4 | address = 0x900000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8b4 | address = 0x910000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8b4 | address = 0x920000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8b4 | address = 0x930000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8b4 | address = 0x940000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x8b4 | address = 0x950000, size = 142 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #98 / 0x3e4 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:02:27, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:08 |
| OS Thread IDs | #562 0x74C #563 0xAB8 |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Private Memory | Readable, Writable | | | | |
| locale.nls | 0x001c0000 | 0x0027dfff | Memory Mapped File | Readable | | | | |
| private_0x0000000000280000 | 0x00280000 | 0x002bffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000002c0000 | 0x002c0000 | 0x002c0fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000300000 | 0x00300000 | 0x0030ffff | Private Memory | Readable, Writable | | | | |
| svhost.exe | 0x00400000 | 0x0057afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x0000000000580000 | 0x00580000 | 0x0067ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000006d0000 | 0x006d0000 | 0x007cffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000007d0000 | 0x007d0000 | 0x00957fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000009a0000 | 0x009a0000 | 0x009affff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000009b0000 | 0x009b0000 | 0x00b30fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000b40000 | 0x00b40000 | 0x01f3ffff | Pagefile Backed Memory | Readable | | | | |
| wow64.dll | 0x53cc0000 | 0x53d0efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64cpu.dll | 0x53d10000 | 0x53d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64win.dll | 0x53d20000 | 0x53d92fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasman.dll | 0x74cd0000 | 0x74cf2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasapi32.dll | 0x74d00000 | 0x74da3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pstorec.dll | 0x74db0000 | 0x74db7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bcryptprimitives.dll | 0x74e60000 | 0x74eb8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cryptbase.dll | 0x74ec0000 | 0x74ec9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sspicli.dll | 0x74ed0000 | 0x74eedfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcrt.dll | 0x74ef0000 | 0x74fadfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| advapi32.dll | 0x74fb0000 | 0x7502afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| oleaut32.dll | 0x75030000 | 0x750c1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| powrprof.dll | 0x75280000 | 0x752c3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| KernelBase.dll | 0x752e0000 | 0x75455fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| imm32.dll | 0x75460000 | 0x7548afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| combase.dll | 0x75490000 | 0x75649fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel32.dll | 0x75650000 | 0x7573ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| gdi32.dll | 0x75790000 | 0x758dcfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SHCore.dll | 0x75aa0000 | 0x75b2cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| crypt32.dll | 0x75bf0000 | 0x75d64fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| profapi.dll | 0x75d70000 | 0x75d7efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msasn1.dll | 0x75d80000 | 0x75d8dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msctf.dll | 0x75d90000 | 0x75eaffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sechost.dll | 0x75eb0000 | 0x75ef2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| user32.dll | 0x75f10000 | 0x7604ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel.appcore.dll | 0x76290000 | 0x7629bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shlwapi.dll | 0x762a0000 | 0x762e3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| windows.storage.dll | 0x76380000 | 0x7685cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rpcrt4.dll | 0x76860000 | 0x7690bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shell32.dll | 0x76910000 | 0x77ccefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ole32.dll | 0x77cd0000 | 0x77db9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x77dc0000 | 0x77f38fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffb1ddcffff | Private Memory | Readable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x00007ffb1df92000 | 0x7ffb1df92000 | 0x7ffffffeffff | Private Memory | Readable | | | | |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #99 / 0xbd8 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:02:29, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:06 |
| OS Thread IDs | #564 0x9D0 #565 0x188 |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Private Memory | Readable, Writable | | | | |
| locale.nls | 0x001c0000 | 0x0027dfff | Memory Mapped File | Readable | | | | |
| private_0x0000000000280000 | 0x00280000 | 0x002bffff | Private Memory | Readable, Writable | | | | |
| private_0x00000000002c0000 | 0x002c0000 | 0x002c0fff | Private Memory | Readable, Writable | | | | |
| private_0x00000000002d0000 | 0x002d0000 | 0x002dffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000340000 | 0x00340000 | 0x0034ffff | Private Memory | Readable, Writable | | | | |
| svhost.exe | 0x00400000 | 0x0057afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x0000000000580000 | 0x00580000 | 0x0067ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000000740000 | 0x00740000 | 0x0083ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000000000840000 | 0x00840000 | 0x009c7fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x00000000009d0000 | 0x009d0000 | 0x00b50fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000000000b60000 | 0x00b60000 | 0x01f5ffff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000000001f60000 | 0x01f60000 | 0x0205ffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000002100000 | 0x02100000 | 0x021fffff | Private Memory | Readable, Writable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | - | | | | |
| wow64.dll | 0x53cc0000 | 0x53d0efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64cpu.dll | 0x53d10000 | 0x53d17fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| wow64win.dll | 0x53d20000 | 0x53d92fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntmarta.dll | 0x74ca0000 | 0x74cc7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasman.dll | 0x74cd0000 | 0x74cf2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rasapi32.dll | 0x74d00000 | 0x74da3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pstorec.dll | 0x74db0000 | 0x74db7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| apphelp.dll | 0x74dc0000 | 0x74e50fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| bcryptprimitives.dll | 0x74e60000 | 0x74eb8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| cryptbase.dll | 0x74ec0000 | 0x74ec9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sspicli.dll | 0x74ed0000 | 0x74eedfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msvcrt.dll | 0x74ef0000 | 0x74fadfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| advapi32.dll | 0x74fb0000 | 0x7502afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| oleaut32.dll | 0x75030000 | 0x750c1fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| powrprof.dll | 0x75280000 | 0x752c3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| KernelBase.dll | 0x752e0000 | 0x75455fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| imm32.dll | 0x75460000 | 0x7548afff | Memory Mapped File | Readable, Writable, Executable | | | | |
| combase.dll | 0x75490000 | 0x75649fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel32.dll | 0x75650000 | 0x7573ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| gdi32.dll | 0x75790000 | 0x758dcfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| SHCore.dll | 0x75aa0000 | 0x75b2cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| crypt32.dll | 0x75bf0000 | 0x75d64fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| profapi.dll | 0x75d70000 | 0x75d7efff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msasn1.dll | 0x75d80000 | 0x75d8dfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| msctf.dll | 0x75d90000 | 0x75eaffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| sechost.dll | 0x75eb0000 | 0x75ef2fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| user32.dll | 0x75f10000 | 0x7604ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
| kernel.appcore.dll | 0x76290000 | 0x7629bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shlwapi.dll | 0x762a0000 | 0x762e3fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| windows.storage.dll | 0x76380000 | 0x7685cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| rpcrt4.dll | 0x76860000 | 0x7690bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
| shell32.dll | 0x76910000 | 0x77ccefff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ole32.dll | 0x77cd0000 | 0x77db9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x77dc0000 | 0x77f38fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffb1ddcffff | Private Memory | Readable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| private_0x00007ffb1df92000 | 0x7ffb1df92000 | 0x7ffffffeffff | Private Memory | Readable | | | | |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0xbd8 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| FILE | CREATE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS | | 1 | |
| FILE | WRITE | file_name = c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt, size = 780712 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***_PERSIST, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\http\shell\open\command, value_name = , data_ident_out = "C:\Program Files\Internet Explorer\iexplore.exe" %1 | | 1 | |
| PROC | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0xec, os_pid = 0x1f8, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | | 1 | |
| MEM | ALLOC | address = 0x10410000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 376832, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address = 0x756677b0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address = 0x7566d8d0 | | 1 | |
| MEM | ALLOC | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x630000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 12, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x640000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 12 | | 1 | |
| MEM | ALLOC | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 210, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x650000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 210 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x1bc, os_pid = 0x1f8, proc_address = 0x650000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 19, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x660000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 19 | | 1 | |
| MEM | ALLOC | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x670000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x680000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x690000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1f8, proc_address = 0x690000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6a0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6b0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6c0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6d0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1f8, proc_address = 0x6d0000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 21, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6e0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 21 | | 1 | |
| MEM | ALLOC | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x6f0000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 13 | | 1 | |
| MEM | ALLOC | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x700000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 142, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x710000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 142 | | 1 | |
| THREAD | CREATE | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_tid = 0x0, os_pid = 0x1f8, proc_address = 0x710000, flags = THREAD_RUNS_IMMEDIATELY | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address = 0x75669640 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address = 0x75667940 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = ExitThread, address = 0x77e22570 | | 1 | |
| MEM | ALLOC | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x720000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 20 | | 1 | |
| MEM | ALLOC | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 13, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 | |
| MEM | WRITE | address = 0x730000, process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 13 | | 1 | |
| MEM | ALLOC | process_name = C:\Program Files\Internet Explorer\iexplore.exe, os_pid = 0x1f8, size = 20, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #100 / 0xb2c |
| OS Parent PID | 0xa54 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:02:30, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:05 |
| OS Thread IDs | #566 0x6D8 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000d50000 | 0x00d50000 | 0x00d50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d60000 | 0x00d60000 | 0x00d60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d70000 | 0x00d70000 | 0x00d70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d80000 | 0x00d80000 | 0x00d80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000d90000 | 0x00d90000 | 0x00d90fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000da0000 | 0x00da0000 | 0x00da0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000db0000 | 0x00db0000 | 0x00db0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dc0000 | 0x00dc0000 | 0x00dc0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000dd0000 | 0x00dd0000 | 0x00dd0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000de0000 | 0x00de0000 | 0x00de0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000df0000 | 0x00df0000 | 0x00df0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e00000 | 0x00e00000 | 0x00e00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e10000 | 0x00e10000 | 0x00e10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e20000 | 0x00e20000 | 0x00e20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e30000 | 0x00e30000 | 0x00e30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e40000 | 0x00e40000 | 0x00e40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000e50000 | 0x00e50000 | 0x00e50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007fecb000 | 0x7fecb000 | 0x7fecbfff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000f74fd50000 | 0xf74fd50000 | 0xf74fd6ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000f74fd70000 | 0xf74fd70000 | 0xf74fd83fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000f74fd90000 | 0xf74fd90000 | 0xf74fe8ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000f74fe90000 | 0xf74fe90000 | 0xf74fe93fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000f74fea0000 | 0xf74fea0000 | 0xf74fea0fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000f74feb0000 | 0xf74feb0000 | 0xf74feb1fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff150000 | 0x7df5ff150000 | 0x7ff5ff14ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fc880000 | 0x7ff7fc880000 | 0x7ff7fc8a2fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fc8ad000 | 0x7ff7fc8ad000 | 0x7ff7fc8aefff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fc8af000 | 0x7ff7fc8af000 | 0x7ff7fc8affff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa18 | address = 0xd50000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa18 | address = 0xd60000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa18 | address = 0xd70000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa18 | address = 0xd80000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa18 | address = 0xd90000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa18 | address = 0xda0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa18 | address = 0xdb0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa18 | address = 0xdc0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa18 | address = 0xdd0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa18 | address = 0xde0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa18 | address = 0xdf0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa18 | address = 0xe00000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa18 | address = 0xe10000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa18 | address = 0xe20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa18 | address = 0xe30000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa18 | address = 0xe40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0xa18 | address = 0xe50000, size = 13 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #101 / 0x4d0 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:02:31, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:04 |
| OS Thread IDs | #567 0x538 #569 0x6B0 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 | |
| MOD | GET_HANDLE | module_name = SbieDll.dll, base_address = 0x0 | | 1 | |
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x75677510 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address = 0x75694410 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address = 0x756944c0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address = 0x756941f0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address = 0x75694560 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75694b10 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address = 0x7566ed60 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address = 0x7566c8e0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address = 0x7566ee30 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address = 0x7566c9b0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address = 0x75674a90 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address = 0x75672430 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address = 0x756947a0 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address = 0x75694950 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address = 0x75694890 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address = 0x75694a30 | | 1 | |
| MOD | GET_HANDLE | module_name = dbghelp.dll, base_address = 0x0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, value_name = ProductId, data_ident_out = 76 | | 1 | |
| USER | GET_CURRENT | user_name = WI2yhmtI onvScY7Pe | | 1 | |
| FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address = 0x7566a790 | | 1 | |
| DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\windows\syswow64\install\svhost.exe, os_pid = 0x4d0 | | 1 | |
| MUTEX | CREATE | mutex_name = ***MUTEX***, initial_owner = 0 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemDirectoryA, address = 0x7566f5c0 | | 1 | |
| FILE | DELETE | file_name = c:\windows\system32\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, value_name = AppData, data_ident_out = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming | | 1 | |
| FILE | COPY | destination_file_name = c:\windows\system32\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe | | 1 | |
| FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe, source_file_name = c:\windows\syswow64\install\svhost.exe, fail_if_exists = 0 | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = 0 | | 1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data_ident_out = C:\Windows\system32\install\svhost.exe | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = Policies, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe | | 1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\ | | 1 | |
| REG | DELETE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA} | | 1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{0H1OR2U5-6472-LCE1-8H05-HC2B1WMDD8RA}, value_name = StubPath, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\install\svhost.exe Restart | | 1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75650000 | | 1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address = 0x75676410 | | 1 | |
| MOD | GET_FILENAME | module_name = dbghelp.dll, file_name = C:\Windows\SysWOW64\install\svhost.exe | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #102 / 0x6dc |
| OS Parent PID | 0x218 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:02:31, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:04 |
| OS Thread IDs | #568 0x948 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000930000 | 0x00930000 | 0x00930fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000940000 | 0x00940000 | 0x00940fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000950000 | 0x00950000 | 0x00950fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000960000 | 0x00960000 | 0x00960fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000970000 | 0x00970000 | 0x00970fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000980000 | 0x00980000 | 0x00980fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000990000 | 0x00990000 | 0x00990fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009a0000 | 0x009a0000 | 0x009a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009b0000 | 0x009b0000 | 0x009b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009c0000 | 0x009c0000 | 0x009c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009d0000 | 0x009d0000 | 0x009d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009e0000 | 0x009e0000 | 0x009e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000009f0000 | 0x009f0000 | 0x009f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a00000 | 0x00a00000 | 0x00a00fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a10000 | 0x00a10000 | 0x00a10fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a20000 | 0x00a20000 | 0x00a20fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a30000 | 0x00a30000 | 0x00a30fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a40000 | 0x00a40000 | 0x00a40fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a50000 | 0x00a50000 | 0x00a50fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a60000 | 0x00a60000 | 0x00a60fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a70000 | 0x00a70000 | 0x00a70fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000a80000 | 0x00a80000 | 0x00a80fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f4b9000 | 0x7f4b9000 | 0x7f4b9fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x000000ae6e930000 | 0xae6e930000 | 0xae6e94ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000ae6e950000 | 0xae6e950000 | 0xae6e963fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000ae6e970000 | 0xae6e970000 | 0xae6ea6ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x000000ae6ea70000 | 0xae6ea70000 | 0xae6ea73fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x000000ae6ea80000 | 0xae6ea80000 | 0xae6ea80fff | Pagefile Backed Memory | Readable | | | | |
| private_0x000000ae6ea90000 | 0xae6ea90000 | 0xae6ea91fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ff720000 | 0x7df5ff720000 | 0x7ff5ff71ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fc770000 | 0x7ff7fc770000 | 0x7ff7fc792fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fc794000 | 0x7ff7fc794000 | 0x7ff7fc794fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fc79e000 | 0x7ff7fc79e000 | 0x7ff7fc79ffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x2e0 | address = 0x930000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x2e0 | address = 0x940000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x2e0 | address = 0x950000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x2e0 | address = 0x960000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x2e0 | address = 0x970000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x2e0 | address = 0x980000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x2e0 | address = 0x990000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x2e0 | address = 0x9a0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x2e0 | address = 0x9b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x2e0 | address = 0x9c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x2e0 | address = 0x9d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x2e0 | address = 0x9e0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x2e0 | address = 0x9f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x2e0 | address = 0xa00000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x2e0 | address = 0xa10000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x2e0 | address = 0xa20000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x2e0 | address = 0xa30000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x2e0 | address = 0xa40000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x2e0 | | 1 | ||
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x2e0 | address = 0xa60000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x2e0 | address = 0xa70000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x2e0 | address = 0xa80000, size = 20 | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #103 / 0x924 |
| OS Parent PID | 0xd54 (c:\windows\syswow64\explorer.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\windows\syswow64\install\svhost.exe |
| Command Line | "C:\Windows\system32\install\svhost.exe" |
| Monitor | Start Time: 00:02:33, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:02 |
| OS Thread IDs | #570 0x2EC #571 0xBEC |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\syswow64\install\svhost.exe, base_address = 0x400000 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_UPDATE_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_PASSWORDLIST_X_x_, initial_owner = 0 | | 1 | |
| MUTEX | CREATE | mutex_name = _x_X_BLOCKMOUSE_X_x_, initial_owner = 0 | | 1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) | | 1 |
| Information | Value |
|---|---|
| ID / OS PID | #104 / 0x1f8 |
| OS Parent PID | 0xbd8 (c:\windows\syswow64\install\svhost.exe) |
| Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop |
| File Name | c:\program files\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files\Internet Explorer\iexplore.exe" |
| Monitor | Start Time: 00:02:35, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:00 |
| OS Thread IDs | |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000630000 | 0x00630000 | 0x00630fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000640000 | 0x00640000 | 0x00640fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000650000 | 0x00650000 | 0x00650fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000660000 | 0x00660000 | 0x00660fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000670000 | 0x00670000 | 0x00670fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000680000 | 0x00680000 | 0x00680fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000690000 | 0x00690000 | 0x00690fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006a0000 | 0x006a0000 | 0x006a0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006b0000 | 0x006b0000 | 0x006b0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006c0000 | 0x006c0000 | 0x006c0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006d0000 | 0x006d0000 | 0x006d0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006e0000 | 0x006e0000 | 0x006e0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x00000000006f0000 | 0x006f0000 | 0x006f0fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000700000 | 0x00700000 | 0x00700fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000710000 | 0x00710000 | 0x00710fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000720000 | 0x00720000 | 0x00720fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000000730000 | 0x00730000 | 0x00730fff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x0000000010410000 | 0x10410000 | 0x1046bfff | Private Memory | Readable, Writable, Executable | | | | |
| private_0x000000007f8e1000 | 0x7f8e1000 | 0x7f8e1fff | Private Memory | Readable, Writable | | | | |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
| private_0x0000001558630000 | 0x1558630000 | 0x155864ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000001558650000 | 0x1558650000 | 0x1558663fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000001558670000 | 0x1558670000 | 0x155876ffff | Private Memory | Readable, Writable | | | | |
| pagefile_0x0000001558770000 | 0x1558770000 | 0x1558773fff | Pagefile Backed Memory | Readable | | | | |
| pagefile_0x0000001558780000 | 0x1558780000 | 0x1558780fff | Pagefile Backed Memory | Readable | | | | |
| private_0x0000001558790000 | 0x1558790000 | 0x1558791fff | Private Memory | Readable, Writable | | | | |
| pagefile_0x00007df5ffea0000 | 0x7df5ffea0000 | 0x7ff5ffe9ffff | Pagefile Backed Memory | - | | | | |
| pagefile_0x00007ff7fcc50000 | 0x7ff7fcc50000 | 0x7ff7fcc72fff | Pagefile Backed Memory | Readable | | | | |
| private_0x00007ff7fcc79000 | 0x7ff7fcc79000 | 0x7ff7fcc79fff | Private Memory | Readable, Writable | | | | |
| private_0x00007ff7fcc7e000 | 0x7ff7fcc7e000 | 0x7ff7fcc7ffff | Private Memory | Readable, Writable | | | | |
| iexplore.exe | 0x7ff7fd520000 | 0x7ff7fd5e9fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | | | | |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x9d0 | address = 0x630000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x9d0 | address = 0x640000, size = 12 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x9d0 | address = 0x650000, size = 210 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x9d0 | address = 0x660000, size = 19 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x9d0 | address = 0x670000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x9d0 | address = 0x680000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x9d0 | address = 0x690000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x9d0 | address = 0x6a0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x9d0 | address = 0x6b0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x9d0 | address = 0x6c0000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x9d0 | address = 0x6d0000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x9d0 | address = 0x6e0000, size = 21 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x9d0 | address = 0x6f0000, size = 13 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x9d0 | address = 0x700000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x9d0 | address = 0x710000, size = 142 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x9d0 | address = 0x720000, size = 20 | | 1 | |
| Modify Memory | c:\windows\syswow64\install\svhost.exe | 0x9d0 | address = 0x730000, size = 13 | | 1 |
