IOC Report
https://on-combine-data.s3.us-west-2.amazonaws.com/dealer-data/Share+Point/NTAS_MS3000X_Installer_v2.8.25_October2024_NO_UPS.exe


Files

File Path
Type
Category
Malicious
C:\Program Files (x86)\NIR Technology Analysis Software\NTAS MS3000X.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Program Files (x86)\NIR Technology Analysis Software\Watchdog.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Program Files (x86)\NIR Technology Analysis Software\uninstall.exe
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
dropped
malicious
C:\Users\user\Downloads\06dc3f2a-0d04-4237-8c43-2058ccd60562.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\Downloads\NTAS_MS3000X_Installer_v2.8.25_October2024_NO_UPS.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
dropped
malicious
C:\Users\user\Downloads\Unconfirmed 279108.crdownload
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
dropped
malicious
C:\Windows\SysWOW64\COMCTL32.ocx
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
malicious
C:\Windows\SysWOW64\Cerea.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Windows\SysWOW64\DBGRID32.ocx
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Windows\SysWOW64\MSFLXGRD.ocx
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
malicious
C:\Windows\SysWOW64\MSHFLXGD.ocx
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Windows\SysWOW64\Mahalanobis.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Windows\SysWOW64\NSIS.Library.RegTool.v3.{760CC695-7C3A-465F-9E6C-D3931A64AC97}.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Windows\SysWOW64\PLSObj.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Windows\SysWOW64\vbGraph.ocx
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\RestartApp.exe
PE32+ executable (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\_asyncio.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\_bz2.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\_ctypes.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\_curses.cp310-win_amd64.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\_decimal.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\_elementtree.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\_hashlib.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\_lzma.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\_multiprocessing.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\_overlapped.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\_queue.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\_socket.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\_ssl.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-core-console-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-core-datetime-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-core-debug-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-core-errorhandling-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-core-file-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-core-file-l1-2-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-core-handle-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-core-heap-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-core-interlocked-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-core-libraryloader-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-core-louserzation-l1-2-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-core-memory-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-core-namedpipe-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-core-processenvironment-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-core-processthreads-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-core-processthreads-l1-1-1.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-core-profile-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-core-rtlsupport-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-core-string-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-core-synch-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-core-synch-l1-2-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-core-sysinfo-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-core-timezone-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-core-util-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-crt-conio-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-crt-convert-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-crt-environment-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-crt-filesystem-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-crt-heap-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-crt-locale-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-crt-math-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-crt-process-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-crt-runtime-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-crt-stdio-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-crt-string-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-crt-time-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\api-ms-win-crt-utility-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\libcrypto-1_1.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\libssl-1_1.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\psutil\_psutil_windows.cp310-win_amd64.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\pyexpat.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\python310.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\select.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\RestartApp\unicodedata.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\wga\Scripts\socketcropscan\socketcropscan.exe
PE32+ executable (console) x86-64, for MS Windows
dropped
malicious
Chrome Cache Entry: 171
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
downloaded
malicious
C:\Program Files (x86)\NIR Technology Analysis Software\NTAS Help.chm
MS Windows HtmlHelp Data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NIR Technology Analysis Software\NTAS Help.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Feb 24 22:42:50 2003, mtime=Mon Oct 28 21:41:18 2024, atime=Mon Feb 24 22:42:50 2003, length=1844627, window=hide
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NIR Technology Analysis Software\NTAS MS3000X.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Mon Oct 28 02:48:08 2024, mtime=Mon Oct 28 21:41:17 2024, atime=Mon Oct 28 02:48:08 2024, length=13479936, window=hide
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NIR Technology Analysis Software\Uninstall.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Mon Oct 28 21:41:21 2024, mtime=Mon Oct 28 21:41:21 2024, atime=Mon Oct 28 21:41:21 2024, length=59896, window=hide
dropped
C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2246122658-3693405117-2476756634-1003\ReadOnly\LockScreen_W\LockScreen___1280_1024_notdimmed.jpg (copy)
PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
dropped
C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2246122658-3693405117-2476756634-1003\ReadOnly\LockScreen_W\~ockScreen___1280_1024_notdimmed.tmp
PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\Public\Desktop\NTAS MS3000X.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Mon Oct 28 02:48:08 2024, mtime=Mon Oct 28 21:41:22 2024, atime=Mon Oct 28 02:48:08 2024, length=13479936, window=hide
dropped
C:\Users\user\AppData\Local\Temp\nsl5413.tmp\InstallOptions.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\nsl5413.tmp\System.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\nsl5413.tmp\UserInfo.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\nsl5413.tmp\ioSpecial.ini
Unicode text, UTF-16, little-endian text, with very long lines (301), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\nsl5413.tmp\modern-wizard.bmp
PC bitmap, Windows 3.x format, 164 x 314 x 4, image size 26376, resolution 2834 x 2834 px/m, cbSize 26494, bits offset 118
dropped
C:\Users\user\AppData\Local\Temp\nsl5413.tmp\nsExec.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\nsl5413.tmp\nsProcess.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\nsq53E3.tmp
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\NTAS MS3000X.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Mon Oct 28 02:48:08 2024, mtime=Mon Oct 28 21:41:22 2024, atime=Mon Oct 28 02:48:08 2024, length=13479936, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 21:40:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 21:40:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 21:40:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 21:40:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 21:40:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Windows\SysWOW64\COMCT232.ocx
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Windows\SysWOW64\COMCT332.ocx
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\SysWOW64\COMDLG32.ocx
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Windows\SysWOW64\MSCHRT20.ocx
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Windows\SysWOW64\MSCOMCT2.ocx
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Windows\SysWOW64\MSCOMCTL.ocx
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Windows\SysWOW64\MSCOMM32.ocx
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Windows\SysWOW64\MSDATGRD.ocx
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Windows\SysWOW64\MSWINSCK.ocx
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Windows\SysWOW64\SYSINFO.ocx
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Windows\SysWOW64\TrendGraph.tlb
data
dropped
C:\Windows\SysWOW64\VB6STKIT.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\SysWOW64\msstdfmt.dll
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\wga\Scripts\BatteryStatus.bat
ASCII text, with no line terminators
dropped
C:\wga\Scripts\DisableAutomaticUpdates.bat
DOS batch file, ASCII text, with CRLF line terminators
dropped
C:\wga\Scripts\RestartApp\VCRUNTIME140.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\wga\Scripts\RestartApp\api-ms-win-core-file-l2-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\wga\Scripts\RestartApp\base_library.zip
Zip archive data, at least v2.0 to extract, compression method=store
dropped
C:\wga\Scripts\RestartApp\libffi-7.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\wga\Scripts\RestartApp\ucrtbase.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\wga\Scripts\ScrollBarWidth255.bat
DOS batch file, ASCII text, with CRLF line terminators
dropped
C:\wga\Scripts\ScrollBarWidth650.bat
DOS batch file, ASCII text, with CRLF line terminators
dropped

Processes

Path
Cmdline
Malicious
C:\Users\user\Downloads\NTAS_MS3000X_Installer_v2.8.25_October2024_NO_UPS.exe
"C:\Users\user\Downloads\NTAS_MS3000X_Installer_v2.8.25_October2024_NO_UPS.exe"
malicious
C:\Users\user\Downloads\NTAS_MS3000X_Installer_v2.8.25_October2024_NO_UPS.exe
"C:\Users\user\Downloads\NTAS_MS3000X_Installer_v2.8.25_October2024_NO_UPS.exe"
malicious
C:\Windows\System32\bcdedit.exe
"bcdedit" /set {current} bootstatuspolicy ignoreallfailures
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1936,i,14282950788006197663,4562122908551355024,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://on-combine-data.s3.us-west-2.amazonaws.com/dealer-data/Share+Point/NTAS_MS3000X_Installer_v2.8.25_October2024_NO_UPS.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3140 --field-trial-handle=1936,i,14282950788006197663,4562122908551355024,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
TaskKill /IM Watchdog.exe /F
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
TaskKill /IM RestartApp.exe /F
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
TaskKill /IM NTAS 3000X /F
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
TaskKill /IM ReadWeight.exe /F
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3ff7055 /state1:0x41c64e6d
C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
"C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe" -ServerName:WindowsDefaultLockScreen.AppX7y4nbzq37zn4ks9k7amqjywdat7d3j2z.mca

URLs

Name
IP
Malicious
https://on-combine-data.s3.us-west-2.amazonaws.com/dealer-data/Share+Point/NTAS_MS3000X_Installer_v2.8.25_October2024_NO_UPS.exe
malicious
http://ns.adobe.hotosh
unknown
http://nsis.sf.net/NSIS_ErrorError
unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0
unknown
http://ns.a.0/sTy
unknown
https://on-combine-data.s3.us-west-2.amazonaws.com/dealer-data/Share+Point/NTAS_MS3000X_Installer_v2.8.25_October2024_NO_UPS.exe
52.218.247.225
http://ocsp.thawte.com0
unknown

Domains

Name
IP
Malicious
s3-r-w.us-west-2.amazonaws.com
52.218.247.225
www.google.com
142.250.185.228
on-combine-data.s3.us-west-2.amazonaws.com
unknown

IPs

IP
Domain
Country
Malicious
142.250.185.228
www.google.com
United States
52.218.247.225
s3-r-w.us-west-2.amazonaws.com
United States
239.255.255.250
unknown
Reserved
192.168.2.16
unknown
unknown

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
count
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce
NSIS.Library.RegTool.v3
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
1.file
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
1.mode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
2.file
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
2.mode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
3.file
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
3.mode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
4.file
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
4.mode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
5.file
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
5.mode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
6.file
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
6.mode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
7.file
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
7.mode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
8.file
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
8.mode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
9.file
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
9.mode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
10.file
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
10.mode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
11.file
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
11.mode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
12.file
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
12.mode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
13.file
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
13.mode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
14.file
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
14.mode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
15.file
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
15.mode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
16.file
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
16.mode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
17.file
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
17.mode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
18.file
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
18.mode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
19.file
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
19.mode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
20.file
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
20.mode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
21.file
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
21.mode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
22.file
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
22.mode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NTAS
Install_Dir
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NTAS
DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NTAS
UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NTAS
NoModify
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NTAS
NoRepair
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
23.file
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
23.mode
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
24.file
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
24.mode
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
count
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
count
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
count
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
count
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
count
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
count
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
count
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
count
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
count
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
count
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
count
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
count
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
count
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
count
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NSIS.Library.RegTool.v3\{760CC695-7C3A-465F-9E6C-D3931A64AC97}
count
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
HKEY_LOCAL_MACHINE\BCD00000000\Description
FirmwareModified
HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\11000001
Element
HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\12000002
Element
HKEY_LOCAL_MACHINE\BCD00000000\Objects\{584f4cfd-61ca-11ee-8a62-e43725c6cdb7}\Elements\12000004
Element
HKEY_LOCAL_MACHINE\BCD00000000\Objects\{584f4cfe-61ca-11ee-8a62-e43725c6cdb7}\Elements\12000004
Element
HKEY_LOCAL_MACHINE\BCD00000000\Objects\{a5a30fa2-3d06-4e9f-b5f4-a01df9d1fcba}\Description
Type
HKEY_LOCAL_MACHINE\BCD00000000\Objects\{a5a30fa2-3d06-4e9f-b5f4-a01df9d1fcba}\Elements\24000001
Element
HKEY_LOCAL_MACHINE\BCD00000000\Objects\{a5a30fa2-3d06-4e9f-b5f4-a01df9d1fcba}\Elements\25000004
Element
HKEY_LOCAL_MACHINE\BCD00000000\Objects\{71a3c7fc-f751-4982-aec1-e958357e6813}\Elements\250000e0
Element
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI
IdleTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\FaceLogon
CredProvUncompletedInstances
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\FaceLogon
CredProvUncompletedInstances

Memdumps

Base Address
Regiontype
Protect
Malicious
1AFF77F0000
heap
page read and write
20C28A95000
heap
page read and write
20C28AED000
heap
page read and write
2E4F000
heap
page read and write
4B7000
heap
page read and write
20C2ABFB000
heap
page read and write
4B7000
heap
page read and write
20C2EC83000
heap
page read and write
2166623F000
heap
page read and write
20C312C6000
heap
page read and write
20C2EA9A000
heap
page read and write
A8ACAFB000
stack
page read and write
20C2D040000
heap
page read and write
20C2EB46000
heap
page read and write
2165F2AF000
heap
page read and write
20C28A40000
heap
page read and write
5FB000
heap
page read and write
2F81000
heap
page read and write
20C2F570000
heap
page read and write
2165F288000
heap
page read and write
1AFF9230000
heap
page read and write
C5F000
unknown
page read and write
3441000
heap
page read and write
7E0000
heap
page read and write
216653B0000
heap
page readonly
ADE000
stack
page read and write
20C2F380000
heap
page read and write
20C2ED66000
heap
page read and write
20C2D1BC000
heap
page read and write
5D9000
heap
page read and write
20C28ACD000
heap
page read and write
20C2D1ED000
heap
page read and write
20C2ED55000
heap
page read and write
A8AC38C000
stack
page read and write
3220000
trusted library allocation
page read and write
20C28A99000
heap
page read and write
20C27857000
heap
page read and write
A8AC8FB000
stack
page read and write
450000
heap
page read and write
20C2D21C000
heap
page read and write
354B000
heap
page read and write
21665ECE000
heap
page read and write
29ABB7D000
stack
page read and write
20C2ED2F000
heap
page read and write
B40000
heap
page read and write
20C2ABEA000
heap
page read and write
A8ACBEE000
stack
page read and write
20C2EC55000
heap
page read and write
20C2F4DA000
heap
page read and write
20C2D106000
heap
page read and write
20C2D0AE000
heap
page read and write
20C30541000
heap
page read and write
20C2ED44000
heap
page read and write
20C28AEB000
heap
page read and write
2D4D000
heap
page read and write
4B7000
heap
page read and write
20C28ADA000
heap
page read and write
616000
heap
page read and write
5F4000
heap
page read and write
19A000
stack
page read and write
4FE000
stack
page read and write
20C2ED5D000
heap
page read and write
20C2F53A000
heap
page read and write
20C2AC9E000
heap
page read and write
2165F2B8000
heap
page read and write
21665EF3000
heap
page read and write
20C2ED1E000
heap
page read and write
20C2D18D000
heap
page read and write
20C2ED5B000
heap
page read and write
20C2D0AE000
heap
page read and write
20C30AB4000
heap
page read and write
20C2ED94000
heap
page read and write
216662C4000
heap
page read and write
3541000
heap
page read and write
20C2ACDC000
heap
page read and write
20C2ED91000
heap
page read and write
4B7000
heap
page read and write
4ACF000
stack
page read and write
42E000
heap
page read and write
1B7FAF30000
heap
page read and write
20C2D199000
heap
page read and write
592000
heap
page read and write
20C2F43E000
heap
page read and write
20C2D024000
heap
page read and write
20C2ED4F000
heap
page read and write
A8AC77E000
stack
page read and write
4B7000
heap
page read and write
20C2ABE6000
heap
page read and write
2DEE000
stack
page read and write
20C2EAF3000
heap
page read and write
570000
heap
page read and write
2CAF000
heap
page read and write
5E3000
heap
page read and write
4B7000
heap
page read and write
4B7000
heap
page read and write
20C2EBC8000
heap
page read and write
A8ACEFB000
stack
page read and write
32E0000
trusted library allocation
page read and write
1AFF76D0000
heap
page read and write
20C304C0000
heap
page read and write
20C308C0000
heap
page read and write
21665D50000
trusted library allocation
page read and write
20C2D13E000
heap
page read and write
A50000
heap
page read and write
C0E000
unknown
page read and write
2165F361000
heap
page read and write
21665380000
trusted library allocation
page read and write
A8AC7FE000
stack
page read and write
3579000
heap
page read and write
20C2D13C000
heap
page read and write
20C2AE00000
trusted library allocation
page read and write
20C2D19C000
heap
page read and write
2165F2F4000
heap
page read and write
2EAE000
stack
page read and write
408000
unknown
page readonly
20C2ED3B000
heap
page read and write
5C9000
heap
page read and write
597000
heap
page read and write
1B7FAF00000
heap
page read and write
20C2D1C8000
heap
page read and write
20C2D11F000
heap
page read and write
5E6000
heap
page read and write
A8ACF7D000
stack
page read and write
20C2E900000
heap
page read and write
2166115A000
heap
page read and write
20C28AB9000
heap
page read and write
20C2F740000
heap
page read and write
A9C000
stack
page read and write
21666238000
heap
page read and write
21661002000
heap
page read and write
20C2ED22000
heap
page read and write
20C278AE000
heap
page read and write
20C2F511000
heap
page read and write
20C28A3C000
heap
page read and write
20C2D165000
heap
page read and write
20C2ED6D000
heap
page read and write
5EE000
heap
page read and write
4B7000
heap
page read and write
1FE96FB000
stack
page read and write
A8ACB7F000
stack
page read and write
44A000
heap
page read and write
31A0000
trusted library allocation
page read and write
1B7FB220000
heap
page read and write
1FE8DFE000
stack
page read and write
3556000
heap
page read and write
4B0000
heap
page read and write
20C30570000
heap
page read and write
A94000
heap
page read and write
20C2ED3D000
heap
page read and write
2165F22E000
heap
page read and write
401000
unknown
page execute read
2165F388000
heap
page read and write
20C2D21A000
heap
page read and write
4A8E000
stack
page read and write
BB5000
heap
page read and write
AC8000
heap
page read and write
3220000
trusted library allocation
page read and write
422000
unknown
page read and write
2165F2AD000
heap
page read and write
10000000
unknown
page readonly
20C2D1F4000
heap
page read and write
20C2EB4E000
heap
page read and write
3440000
heap
page read and write
20C2D0E9000
heap
page read and write
20C2E9A0000
heap
page read and write
20C2C612000
unknown
page readonly
29F6000
heap
page read and write
20C2EA9F000
heap
page read and write
21665DB0000
heap
page read and write
20C2EBC2000
heap
page read and write
A8AC6FE000
stack
page read and write
20C2D1D9000
heap
page read and write
3441000
heap
page read and write
21665D10000
heap
page read and write
20C2ED4F000
heap
page read and write
20C27817000
heap
page read and write
20C2790C000
heap
page read and write
20C2ED56000
heap
page read and write
4B7000
heap
page read and write
2165F1E0000
trusted library allocation
page read and write
20C2D06C000
heap
page read and write
21666249000
heap
page read and write
20C28AC1000
heap
page read and write
1B7FB030000
heap
page read and write
21661100000
heap
page read and write
20C27950000
heap
page read and write
20C28A83000
heap
page read and write
20C28AC5000
heap
page read and write
1AFF77F5000
heap
page read and write
2D37000
heap
page read and write
2165F257000
heap
page read and write
575000
heap
page read and write
B8F000
unknown
page read and write
20C2C617000
unknown
page readonly
20C2D21F000
heap
page read and write
4B7000
heap
page read and write
20C2EDAB000
heap
page read and write
20C2EABA000
heap
page read and write
20C2D10C000
heap
page read and write
2165F3D8000
heap
page read and write
20C278FC000
heap
page read and write
20C2D0F6000
heap
page read and write
20C2EDD6000
heap
page read and write
20C2D0CB000
heap
page read and write
4B7000
heap
page read and write
21665EB4000
heap
page read and write
20C28AA5000
heap
page read and write
20C2ED53000
heap
page read and write
2EA3000
heap
page read and write
3441000
heap
page read and write
2D6E000
stack
page read and write
20C2EBE5000
heap
page read and write
20C2D177000
heap
page read and write
20C2F55E000
heap
page read and write
20C2ACBB000
heap
page read and write
1B7FAF38000
heap
page read and write
20C2D151000
heap
page read and write
4B7000
heap
page read and write
20C2EBC5000
heap
page read and write
20C2D18C000
heap
page read and write
20C2F575000
heap
page read and write
20C2AC37000
heap
page read and write
20C2F577000
heap
page read and write
20C2EC25000
heap
page read and write
20C28A24000
heap
page read and write
20C2EB31000
heap
page read and write
68E000
unknown
page read and write
20C2D202000
heap
page read and write
20C2D1C3000
heap
page read and write
1C0000
heap
page read and write
20C2EA00000
heap
page read and write
20C28AB9000
heap
page read and write
20C28AE7000
heap
page read and write
A8ACC7E000
stack
page read and write
20C2EB34000
heap
page read and write
20C2F545000
heap
page read and write
32F0000
unknown
page read and write
20C3056F000
heap
page read and write
20C2EC22000
heap
page read and write
29C9000
heap
page read and write
3682000
heap
page read and write
20C2ED74000
heap
page read and write
2165F311000
heap
page read and write
20C2ABE8000
heap
page read and write
20C2EAF1000
heap
page read and write
20C2F475000
heap
page read and write
BB0000
heap
page read and write
20C2E980000
heap
page read and write
2165F267000
heap
page read and write
20C2D19C000
heap
page read and write
2165F2B3000
heap
page read and write
2E70000
heap
page read and write
2165F347000
heap
page read and write
20C2EAB2000
heap
page read and write
20C31284000
heap
page read and write
400000
unknown
page readonly
20C278BD000
heap
page read and write
20C30542000
heap
page read and write
2EAE000
stack
page read and write
20C2ACA1000
heap
page read and write
443E000
stack
page read and write
20C2D0BB000
heap
page read and write
20C2AC99000
heap
page read and write
20C2E8F0000
heap
page read and write
20C2ACCC000
heap
page read and write
40A000
unknown
page read and write
1FE8FF9000
stack
page read and write
20C2D179000
heap
page read and write
20C2781E000
heap
page read and write
21661116000
heap
page read and write
20C2ED75000
heap
page read and write
20C28AB7000
heap
page read and write
20C2D065000
heap
page read and write
2D30000
heap
page read and write
4B7000
heap
page read and write
43B000
unknown
page read and write
20C2D132000
heap
page read and write
20C28AC1000
heap
page read and write
21666282000
heap
page read and write
20C2F567000
heap
page read and write
3220000
trusted library allocation
page read and write
20C2F43E000
heap
page read and write
20C2ED5F000
heap
page read and write
417000
heap
page read and write
20C2D1EB000
heap
page read and write
20C2ED8A000
heap
page read and write
2165F35E000
heap
page read and write
5E8000
heap
page read and write
20C2D1D5000
heap
page read and write
BBA000
heap
page read and write
20C2D20F000
heap
page read and write
2FDD000
heap
page read and write
5C2000
heap
page read and write
21666422000
trusted library allocation
page read and write
5F9000
heap
page read and write
A8AD0FC000
stack
page read and write
3220000
trusted library allocation
page read and write
C0E000
stack
page read and write
20C2F398000
heap
page read and write
453E000
stack
page read and write
4B7E000
stack
page read and write
21666274000
heap
page read and write
20C2EC87000
heap
page read and write
42B000
unknown
page read and write
2DAD000
stack
page read and write
20C2CF10000
heap
page readonly
3543000
heap
page read and write
20C2ED63000
heap
page read and write
2E4856F000
stack
page read and write
20C2D064000
heap
page read and write
20C2EAF3000
heap
page read and write
20C278EE000
heap
page read and write
20C279C0000
heap
page read and write
A8AC9FC000
stack
page read and write
20C2CF80000
trusted library allocation
page read and write
3543000
heap
page read and write
20C2D06A000
heap
page read and write
2165F150000
heap
page read and write
A90000
heap
page read and write
4B7000
heap
page read and write
5C5000
heap
page read and write
1FE90FE000
stack
page read and write
20C2D16E000
heap
page read and write
20C2D0EC000
heap
page read and write
20C2EA9D000
heap
page read and write
3220000
trusted library allocation
page read and write
A75000
heap
page read and write
20C2D14B000
heap
page read and write
20C27960000
heap
page read and write
20C2D065000
heap
page read and write
4B7000
heap
page read and write
20C2D1F4000
heap
page read and write
20C2D020000
heap
page read and write
44BE000
stack
page read and write
20C2D156000
heap
page read and write
20C2F47A000
heap
page read and write
20C27760000
heap
page read and write
A8AD27E000
stack
page read and write
43F000
unknown
page readonly
4A40000
trusted library allocation
page read and write
20C2EF32000
trusted library allocation
page read and write
BA0000
heap
page read and write
2166110A000
heap
page read and write
4B0E000
stack
page read and write
43E000
heap
page read and write
5E4000
heap
page read and write
20C2F479000
heap
page read and write
4B7000
heap
page read and write
A2F000
stack
page read and write
20C2F554000
heap
page read and write
216611A4000
heap
page read and write
20C2D118000
heap
page read and write
20C28AC7000
heap
page read and write
3542000
heap
page read and write
20C28AD6000
heap
page read and write
20C2F565000
heap
page read and write
20C2D0E2000
heap
page read and write
20C2F4AE000
heap
page read and write
20C2D0C1000
heap
page read and write
C4E000
stack
page read and write
21661157000
heap
page read and write
617000
heap
page read and write
20C2F571000
heap
page read and write
B1E000
stack
page read and write
20C2D0E5000
heap
page read and write
2166628E000
heap
page read and write
410000
heap
page read and write
20C2ACB0000
heap
page read and write
602000
heap
page read and write
21665EF9000
heap
page read and write
20C2EBBE000
heap
page read and write
A8ACA74000
stack
page read and write
20C2D0A1000
heap
page read and write
20C28A04000
heap
page read and write
2166111D000
heap
page read and write
20C2ED74000
heap
page read and write
29E6000
heap
page read and write
2E2E000
stack
page read and write
15C000
stack
page read and write
3543000
heap
page read and write
20C2EA36000
heap
page read and write
20C289F0000
heap
page read and write
1B7FB225000
heap
page read and write
1AFF7857000
heap
page read and write
21661160000
heap
page read and write
20C2D212000
heap
page read and write
20C2D060000
heap
page read and write
20C2F475000
heap
page read and write
28F0000
heap
page read and write
20C2D1E5000
heap
page read and write
3220000
trusted library allocation
page read and write
4B7000
heap
page read and write
20C28A8E000
heap
page read and write
20C2EB28000
heap
page read and write
A8ACD7E000
stack
page read and write
3546000
heap
page read and write
4B7000
heap
page read and write
20C2ED1E000
heap
page read and write
43B000
heap
page read and write
A8ACE7F000
stack
page read and write
74E000
stack
page read and write
4B7000
heap
page read and write
20C2EBF8000
heap
page read and write
2CEE000
unknown
page read and write
4B7000
heap
page read and write
20C2CF00000
trusted library allocation
page read and write
A5C000
stack
page read and write
4B7000
heap
page read and write
5F2000
heap
page read and write
20C2D15F000
heap
page read and write
A97000
heap
page read and write
73C000
stack
page read and write
2165F200000
heap
page read and write
20C2ED6B000
heap
page read and write
20C2ED5B000
heap
page read and write
2166627E000
heap
page read and write
21666278000
heap
page read and write
4B7000
heap
page read and write
1D0000
heap
page read and write
78E000
stack
page read and write
20C2ABE0000
heap
page read and write
20C2ABE2000
heap
page read and write
20C27865000
heap
page read and write
2E78000
heap
page read and write
20C289F2000
heap
page read and write
4B7000
heap
page read and write
1FE92F4000
stack
page read and write
20C28A54000
heap
page read and write
7F0000
heap
page read and write
431000
unknown
page read and write
77C000
stack
page read and write
20C2ACC4000
heap
page read and write
2165F30B000
heap
page read and write
6CE000
stack
page read and write
2165F1F0000
heap
page read and write
447F000
stack
page read and write
1FE97FC000
stack
page read and write
C60000
heap
page read and write
356C000
heap
page read and write
3541000
heap
page read and write
7DF3FEEC1000
trusted library allocation
page execute read
20C2F552000
heap
page read and write
20C2EB3B000
heap
page read and write
20C28AC3000
heap
page read and write
457F000
stack
page read and write
21665DC0000
trusted library allocation
page read and write
20C2D172000
heap
page read and write
4B7000
heap
page read and write
AD6000
heap
page read and write
601000
heap
page read and write
425000
unknown
page read and write
4A0000
heap
page read and write
2165F334000
heap
page read and write
21665F13000
heap
page read and write
21666261000
heap
page read and write
20C2F38F000
heap
page read and write
2E4887F000
stack
page read and write
42B000
heap
page read and write
1FE9EFF000
stack
page read and write
3680000
heap
page read and write
20C2ED74000
heap
page read and write
614000
heap
page read and write
20C27680000
heap
page read and write
20C2F577000
heap
page read and write
20C28AB0000
heap
page read and write
2E6E000
stack
page read and write
1FE94FE000
stack
page read and write
C8E000
stack
page read and write
20C2EB32000
heap
page read and write
20C28AB2000
heap
page read and write
B3D000
unknown
page read and write
2ED0000
heap
page read and write
28EE000
heap
page read and write
20C2EBE2000
heap
page read and write
2165F3CA000
heap
page read and write
2165F2FE000
heap
page read and write
A8AC87E000
stack
page read and write
20C2AC80000
heap
page read and write
2CB0000
heap
page read and write
2D2E000
stack
page read and write
20C2E970000
trusted library allocation
page read and write
8E0000
heap
page read and write
560000
heap
page read and write
20C2F424000
heap
page read and write
2165F3C2000
heap
page read and write
20C2D1B8000
heap
page read and write
20C2F547000
heap
page read and write
216611AA000
heap
page read and write
20C2EBB0000
heap
page read and write
20C2D123000
heap
page read and write
20C2CFF0000
heap
page read and write
2CED000
stack
page read and write
2165F291000
heap
page read and write
A8AD179000
stack
page read and write
21661138000
heap
page read and write
2165F2D1000
heap
page read and write
2E484EC000
stack
page read and write
4580000
heap
page read and write
A8ACFFE000
stack
page read and write
2165F284000
heap
page read and write
20C2F51F000
heap
page read and write
20C28AA5000
heap
page read and write
2166626A000
heap
page read and write
1FE9AFF000
stack
page read and write
7DF3FEEB1000
trusted library allocation
page execute read
216611FA000
heap
page read and write
5C1000
heap
page read and write
20C2D22D000
heap
page read and write
3220000
trusted library allocation
page read and write
1FE93FC000
stack
page read and write
2EAB000
heap
page read and write
4B7000
heap
page read and write
4B7000
heap
page read and write
20C2D0FB000
heap
page read and write
20C2D06C000
heap
page read and write
20C2D12D000
heap
page read and write
20C28AC1000
heap
page read and write
4BBF000
stack
page read and write
20C2ABF1000
heap
page read and write
2165F2B1000
heap
page read and write
1FE95FF000
stack
page read and write
20C2F821000
heap
page read and write
20C28AC7000
heap
page read and write
A8AC976000
stack
page read and write
20C2D0DB000
heap
page read and write
4B7000
heap
page read and write
20C2D140000
heap
page read and write
20C2F479000
heap
page read and write
20C2ED6D000
heap
page read and write
20C28A99000
heap
page read and write
20C2D1F6000
heap
page read and write
2CE0000
heap
page read and write
20C2D0A1000
heap
page read and write
31A0000
trusted library allocation
page read and write
20C2EA10000
heap
page read and write
20C2F421000
heap
page read and write
44A000
heap
page read and write
20C2ED2A000
heap
page read and write
2165F2A8000
heap
page read and write
20C2F572000
heap
page read and write
1AFF77D0000
heap
page read and write
7BC000
stack
page read and write
20C2D163000
heap
page read and write
20C2F38F000
heap
page read and write
582000
heap
page read and write
613000
heap
page read and write
20C2EC59000
heap
page read and write
2165F24B000
heap
page read and write
2165F371000
heap
page read and write
20C28AC3000
heap
page read and write
82F000
stack
page read and write
10002000
unknown
page readonly
20C2C622000
unknown
page readonly
20C2D06A000
heap
page read and write
20C2D030000
heap
page read and write
2165F271000
heap
page read and write
1FE8EFE000
stack
page read and write
20C2F396000
heap
page read and write
4B4F000
stack
page read and write
20C30EA0000
trusted library allocation
page read and write
20C2EC96000
heap
page read and write
20C28ACD000
heap
page read and write
28A3000
heap
page read and write
4B7000
heap
page read and write
20C2D14D000
heap
page read and write
A8AD07E000
stack
page read and write
AF0000
heap
page read and write
4B7000
heap
page read and write
20C2D1A0000
heap
page read and write
20C2D05B000
heap
page read and write
20C28AAF000
heap
page read and write
2165F324000
heap
page read and write
20C2D10A000
heap
page read and write
20C2EB9F000
heap
page read and write
20C2D193000
heap
page read and write
20C28AC7000
heap
page read and write
20C2D11B000
heap
page read and write
49E000
stack
page read and write
2165F3DB000
heap
page read and write
C10000
heap
page read and write
602000
heap
page read and write
4B7000
heap
page read and write
2166624D000
heap
page read and write
20C28AC4000
heap
page read and write
A8AC30C000
stack
page read and write
54E000
unknown
page read and write
42A000
heap
page read and write
20C2F741000
heap
page read and write
20C2EC08000
heap
page read and write
20C2EC66000
heap
page read and write
2D9D000
heap
page read and write
20C2ED57000
heap
page read and write
20C2F543000
heap
page read and write
20C2EC83000
heap
page read and write
567000
heap
page read and write
2E8C000
heap
page read and write
20C2D114000
heap
page read and write
3541000
heap
page read and write
20C278BA000
heap
page read and write
20C2F577000
heap
page read and write
20C2EDA6000
heap
page read and write
58D000
heap
page read and write
20C2AC82000
heap
page read and write
20C2D17C000
heap
page read and write
21666286000
heap
page read and write
4B7000
heap
page read and write
20C28ABE000
heap
page read and write
20C2ED66000
heap
page read and write
2165F2EC000
heap
page read and write
4BCF000
stack
page read and write
B45000
heap
page read and write
20C2D1C1000
heap
page read and write
279F000
stack
page read and write
20C2D053000
heap
page read and write
77C000
stack
page read and write
21661120000
heap
page read and write
70E000
stack
page read and write
2EB0000
heap
page read and write
A70000
heap
page read and write
1FE99FB000
stack
page read and write
2D79000
heap
page read and write
2165F130000
heap
page read and write
3060000
heap
page read and write
4B7000
heap
page read and write
20C2ED38000
heap
page read and write
20C28AB3000
heap
page read and write
20C2D1C1000
heap
page read and write
40A000
unknown
page write copy
20C2F47B000
heap
page read and write
1B7FAE20000
heap
page read and write
20C27904000
heap
page read and write
3544000
heap
page read and write
20C2EBA8000
heap
page read and write
3220000
trusted library allocation
page read and write
20C2AC9C000
heap
page read and write
20C2D17D000
heap
page read and write
AAB000
heap
page read and write
29ABBFF000
stack
page read and write
5C1000
heap
page read and write
20C2D062000
heap
page read and write
20C2ED91000
heap
page read and write
BCE000
stack
page read and write
21665F02000
heap
page read and write
20C2ABE4000
heap
page read and write
58B000
heap
page read and write
2165F3AE000
heap
page read and write
4B5000
heap
page read and write
3540000
heap
page read and write
20C2D125000
heap
page read and write
20C28A8A000
heap
page read and write
20C279C5000
heap
page read and write
21665EB0000
heap
page read and write
20C2EA84000
heap
page read and write
20C2D0A1000
heap
page read and write
A3E000
unknown
page read and write
4B7000
heap
page read and write
20C2ED34000
heap
page read and write
587000
heap
page read and write
2165F336000
heap
page read and write
20C308C0000
heap
page read and write
20C2ACB7000
heap
page read and write
20C2AC10000
heap
page read and write
21666257000
heap
page read and write
21665ED2000
heap
page read and write
61F000
heap
page read and write
A8ACDFF000
stack
page read and write
20C2D16A000
heap
page read and write
3549000
heap
page read and write
20C2D0AE000
heap
page read and write
20C2D1EB000
heap
page read and write
21666241000
heap
page read and write
2165F213000
heap
page read and write
4B7000
heap
page read and write
20C2ED50000
heap
page read and write
343F000
stack
page read and write
A8AD1FF000
stack
page read and write
440000
heap
page read and write
4B8E000
stack
page read and write
20C310A4000
heap
page read and write
A20000
heap
page read and write
613000
heap
page read and write
20C2EF00000
heap
page read and write
4B7000
heap
page read and write
2165F313000
heap
page read and write
20C2EDA9000
heap
page read and write
1FE9DFF000
stack
page read and write
289F000
stack
page read and write
20C2D1BE000
heap
page read and write
20C2D06C000
heap
page read and write
4BD0000
heap
page read and write
20C2ED76000
heap
page read and write
1FE9BFE000
stack
page read and write
20C2D1D2000
heap
page read and write
42A000
heap
page read and write
20C2D1B1000
heap
page read and write
2165F3A7000
heap
page read and write
20C2F3F2000
heap
page read and write
20C28AAF000
heap
page read and write
20C2F537000
heap
page read and write
20C2F47B000
heap
page read and write
20C2AC2B000
heap
page read and write
11C000
stack
page read and write
2165F120000
heap
page read and write
60A000
heap
page read and write
4B7000
heap
page read and write
A8AC67E000
stack
page read and write
20C2EC5F000
heap
page read and write
21665E00000
heap
page read and write
1AFF77B0000
heap
page read and write
2E485EE000
stack
page read and write
2D2E000
stack
page read and write
1FE8CFE000
stack
page read and write
20C27953000
heap
page read and write
20C28AB3000
heap
page read and write
2165F2CB000
heap
page read and write
2165F2BD000
heap
page read and write
20C28ABA000
heap
page read and write
10001000
unknown
page execute read
20C2EC57000
heap
page read and write
2A14000
heap
page read and write
20C2D0D7000
heap
page read and write
20C2ED5D000
heap
page read and write
1FE9CFB000
stack
page read and write
4B3F000
stack
page read and write
20C2ACAB000
heap
page read and write
44FF000
stack
page read and write
20C2EBBA000
heap
page read and write
A90000
heap
page read and write
20C2ED4C000
heap
page read and write
20C2D193000
heap
page read and write
B90000
heap
page read and write
20C2D044000
heap
page read and write
20C2E900000
trusted library allocation
page read and write
20C278F2000
heap
page read and write
53E000
stack
page read and write
456000
heap
page read and write
1FE898B000
stack
page read and write
20C2ACBA000
heap
page read and write
20C2D195000
heap
page read and write
20C2F52C000
heap
page read and write
20C27859000
heap
page read and write
20C2D211000
heap
page read and write
2165F2E6000
heap
page read and write
1FE98F7000
stack
page read and write
20C28ABC000
heap
page read and write
333E000
stack
page read and write
96000
stack
page read and write
20C28A38000
heap
page read and write
20C28A3E000
heap
page read and write
20C2ED53000
heap
page read and write
29ABE7F000
stack
page read and write
408000
unknown
page readonly
3220000
trusted library allocation
page read and write
20C2D199000
heap
page read and write
20C27780000
heap
page read and write
3220000
trusted library allocation
page read and write
20C28AB9000
heap
page read and write
20C2D06A000
heap
page read and write
20C28A8E000
heap
page read and write
21661200000
trusted library allocation
page read and write
5C5000
heap
page read and write
435000
unknown
page read and write
21666200000
heap
page read and write
92F000
stack
page read and write
1FE91FB000
stack
page read and write
20C28ADA000
heap
page read and write
32E0000
trusted library allocation
page read and write
20C2D04F000
heap
page read and write
20C28AC1000
heap
page read and write
20C28AE4000
heap
page read and write
216611F8000
heap
page read and write
2165F25F000
heap
page read and write
20C2D0C0000
heap
page read and write
20C28ABC000
heap
page read and write
20C2F571000
heap
page read and write
20C2EBCC000
heap
page read and write
2165F2D5000
heap
page read and write
20C2D18C000
heap
page read and write
2F22000
heap
page read and write
20C2ED48000
heap
page read and write
20C28ABB000
heap
page read and write
20C2EDD4000
heap
page read and write
20C28AC5000
heap
page read and write
20C28A9E000
heap
page read and write
20C27810000
heap
page read and write
2165F2AB000
heap
page read and write
29BC000
heap
page read and write
4B7000
heap
page read and write
4B7000
heap
page read and write
20C2AC7C000
heap
page read and write
20C2D1C4000
heap
page read and write
2165F35A000
heap
page read and write
57E000
heap
page read and write
20C2EBFF000
heap
page read and write
2E6F000
stack
page read and write
20C2ED7D000
heap
page read and write
5CB000
heap
page read and write
20C2EC84000
heap
page read and write
10004000
unknown
page readonly
20C2D193000
heap
page read and write
1AFF7850000
heap
page read and write
791 additional memory dumps are not shown in this excerpt (they are expandable on the original report page).