Static task: static1
Behavioral task: behavioral1, sample af0a7f0a20ace9a5379dd4349f19509bef927ce481c71f584ab3e54eab19f5a9.dll, resource win7-20241010-en
Behavioral task: behavioral2, sample af0a7f0a20ace9a5379dd4349f19509bef927ce481c71f584ab3e54eab19f5a9.dll, resource win10v2004-20241007-en
General
Target: af0a7f0a20ace9a5379dd4349f19509bef927ce481c71f584ab3e54eab19f5a9
Size: 2.9MB
MD5: b12f88b2402d5d21fd61232386335fda
SHA1: b8a918fad713b965ace631282700b5fa5576121f
SHA256: af0a7f0a20ace9a5379dd4349f19509bef927ce481c71f584ab3e54eab19f5a9
SHA512: 4e081090c956ffa03d948d194b597ff69725c40fed21674a91529fae666cc75575714f66f84e617f29158118c7aa87ff12800ecbe7363418a3397c76bd8928e3
SSDEEP: 49152:c3exWUtoLLHsycZH5YtDGHwZ11+QHOyNsqNPRfhQwTEZTZakyjwYWlksseN:xWUt4HsT6hOYwY2h
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
resource: af0a7f0a20ace9a5379dd4349f19509bef927ce481c71f584ab3e54eab19f5a9
This check tests for an embedded signature (a populated PE security data directory); it cannot consult Windows catalog signing, so a catalog-signed or signature-stripped copy of a legitimately shipped binary matches too. The PDB path (click2run\x-none\c2rui.pdb) and the exports (CloseC2RUI, LoadC2RUIString, ...) identify this file as the Office Click-to-Run UI library, so read the hit as "no embedded signature", not as evidence of tampering on its own.
Files
af0a7f0a20ace9a5379dd4349f19509bef927ce481c71f584ab3e54eab19f5a9.dll: windows:6, windows x64, arch:x64
083e2935f0e0c946f5ae01244e2c13cb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
d:\dbs\el\z21\target\x64\ship\click2run\x-none\c2rui.pdb
Imports
advapi32
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
CreateWellKnownSid
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteTreeW
RegDeleteKeyW
RegGetValueW
RegDeleteValueW
EventWriteTransfer
EventRegister
EventUnregister
GetTokenInformation
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
ReportEventW
RegisterEventSourceW
DeregisterEventSource
GetFileSecurityW
SetFileSecurityW
RevertToSelf
OpenThreadToken
OpenProcessToken
GetLengthSid
CopySid
InitializeAcl
AddAccessAllowedAce
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidA
EqualSid
RegEnumValueA
RegDeleteValueA
ole32
CoRevokeInitializeSpy
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoCreateInstance
StringFromGUID2
CoCreateGuid
CoCreateFreeThreadedMarshaler
CoRegisterInitializeSpy
CreateStreamOnHGlobal
gdi32
CreateSolidBrush
Rectangle
DeleteObject
SetDCPenColor
SetBkColor
GetTextExtentPoint32W
SetDCBrushColor
ExtTextOutW
GetStockObject
CreatePen
GetTextMetricsW
SelectObject
SetTextColor
CreateFontW
GetDeviceCaps
oleaut32
SysAllocString
SysFreeString
kernel32
GetLocalTime
InitializeCriticalSectionAndSpinCount
VirtualQuery
VirtualProtect
GetSystemInfo
UnhandledExceptionFilter
LoadLibraryExA
GetACP
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetFileInformationByHandleEx
GetCurrentProcess
GetModuleHandleExW
InitializeCriticalSectionEx
GetLastError
CompareStringEx
GetProcAddress
DeleteCriticalSection
FreeLibrary
FlsFree
FlsAlloc
IsWow64Process
CloseHandle
SetEvent
OpenThread
WaitForSingleObject
GetExitCodeThread
CreateEventW
ResetEvent
DisableThreadLibraryCalls
FindClose
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
Sleep
GetStringTypeExW
LocalFree
FormatMessageA
GetSystemTimeAsFileTime
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
MultiByteToWideChar
TlsAlloc
TlsFree
FlsGetValue
TlsGetValue
FlsSetValue
TlsSetValue
InitializeSRWLock
RaiseException
ExpandEnvironmentStringsW
WideCharToMultiByte
GetCurrentProcessId
FileTimeToSystemTime
GetUserDefaultLocaleName
IsValidCodePage
SetLastError
GetSystemTime
GetProcessTimes
GetTickCount64
TerminateProcess
GetModuleFileNameA
GetShortPathNameA
GetModuleFileNameW
K32GetModuleFileNameExW
CreateProcessW
GetModuleHandleW
LoadLibraryExW
FindResourceW
SizeofResource
LoadResource
VerSetConditionMask
VerifyVersionInfoW
OpenProcess
GlobalMemoryStatusEx
GetVersionExW
GetDiskFreeSpaceExW
CreateFileW
DeviceIoControl
GetComputerNameW
MulDiv
GetNativeSystemInfo
CreateActCtxW
ActivateActCtx
HeapFree
OutputDebugStringA
FindActCtxSectionStringW
DeactivateActCtx
QueryActCtxW
LoadLibraryW
HeapAlloc
GetProcessHeap
CreateThread
WaitForMultipleObjectsEx
CreateEventExW
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait
CreateThreadpoolWork
SubmitThreadpoolWork
ReleaseSemaphore
WaitForSingleObjectEx
QueryDepthSList
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
RtlCaptureStackBackTrace
SystemTimeToTzSpecificLocalTime
ReleaseMutex
GetTempPathW
GetLongPathNameW
GetFinalPathNameByHandleW
IsDebuggerPresent
GetFileAttributesExW
FindFirstFileExW
DeleteFileW
MoveFileExW
FindNextFileW
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
WriteFile
ReadFile
SetFilePointerEx
SetEndOfFile
GetFileSizeEx
FlushFileBuffers
LockFileEx
UnlockFileEx
CopyFileExW
GetVolumePathNamesForVolumeNameW
SetFileInformationByHandle
RtlLookupFunctionEntry
RtlVirtualUnwind
GetFileType
GetOverlappedResult
GetFileTime
ReplaceFileW
CopyFileW
GetTempFileNameW
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalFree
GlobalAlloc
K32GetProcessMemoryInfo
LockResource
SetFileTime
CancelIoEx
GetProcessAffinityMask
CreateWaitableTimerW
SetWaitableTimerEx
CancelWaitableTimer
GetTickCount
WerRegisterMemoryBlock
WerUnregisterMemoryBlock
QueryFullProcessImageNameW
CreateIoCompletionPort
PostQueuedCompletionStatus
GetThreadIOPendingFlag
GetCurrentThread
GetQueuedCompletionStatus
GetSystemPowerStatus
IsSystemResumeAutomatic
OutputDebugStringW
RtlCaptureContext
OpenEventA
CreateEventA
OpenMutexA
CreateMutexA
OpenSemaphoreA
CreateSemaphoreA
OpenFileMappingA
LocalAlloc
FindFirstFileW
lstrcmpW
ProcessIdToSessionId
GetPriorityClass
GetExitCodeProcess
GetTimeZoneInformation
GetLocaleInfoEx
LCIDToLocaleName
LocaleNameToLCID
ResolveLocaleName
GetUserPreferredUILanguages
CreateMemoryResourceNotification
EnumSystemLocalesEx
GetSystemDefaultLocaleName
GetUserGeoID
InitOnceComplete
InitOnceBeginInitialize
rstrtmgr
RmStartSession
RmRegisterResources
RmGetList
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_name
strchr
wcsrchr
_purecall
wcschr
wcsstr
__current_exception
memmove
__current_exception_context
__C_specific_handler
__std_type_info_compare
__std_type_info_destroy_list
memset
memcpy
_CxxThrowException
__C_specific_handler_noexcept
memchr
memcmp
msvcp140
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Mtx_unlock
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
_Thrd_id
_Xtime_get_ticks
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_broadcast
_Mtx_current_owns
_Cnd_timedwait
_Query_perf_counter
_Query_perf_frequency
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?is@?$ctype@_W@std@@QEBA_NF_W@Z
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$collate@_W@std@@2V0locale@2@A
_Wcsxfrm
_Wcscoll
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?toupper@?$ctype@_W@std@@QEBA_W_W@Z
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
_Thrd_sleep
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
api-ms-win-crt-heap-l1-1-0
realloc
free
malloc
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vswscanf
__stdio_common_vswprintf
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf_s
__stdio_common_vswprintf_s
api-ms-win-crt-runtime-l1-1-0
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_errno
terminate
_initialize_onexit_table
_initialize_narrow_environment
_cexit
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_crt_atexit
_clearfp
_execute_onexit_table
abort
api-ms-win-crt-string-l1-1-0
_towupper_l
strncpy_s
wcsnlen
strcmp
wcstok_s
wcsncat_s
wcscpy_s
wmemcpy_s
_wcsicmp
wcscmp
strnlen
_stricmp
wcsncpy_s
iswspace
towlower
isdigit
isspace
isxdigit
tolower
wcscat_s
api-ms-win-crt-convert-l1-1-0
_i64tow_s
strtol
_ui64tow_s
_ui64toa_s
_wtoi
wcstol
wcstod
_wcstoi64
_wcstoui64
_ultow_s
wcstoul
_itow_s
api-ms-win-crt-time-l1-1-0
_time64
_localtime64_s
wcsftime
_difftime64
_mktime64
api-ms-win-crt-math-l1-1-0
round
logf
expf
log10
floor
pow
ceilf
api-ms-win-crt-locale-l1-1-0
__initialize_lconv_for_unsigned_char
_create_locale
gdiplus
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromScan0
GdipLoadImageFromStream
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipCreateSolidFill
GdipDeleteBrush
GdipDrawImageRectRectI
GdiplusStartup
GdipDisposeImage
GdipFillRectangleI
Exports
CloseC2RUI
ConfirmDialog
ConfirmOnlineRepairDialog
CreateC2RSplashScreen
DestroyAdminUpdateDeadlineProgressAgent
DestroyC2RSplashScreen
DestroyErrorBagUI
DestroyPackageLockedDialog
DestroyProgressAgent
GetLocalizedCountValue
GetString
LoadC2RUIString
SetupAdminUpdateDeadlineProgressAgent
ShowAdminUpdateDeadlineProgressAgent
ShowBlockingDialog
ShowC2RSplashScreen
ShowDisconnectedToast
ShowDuringProcessShutDownDialog
ShowEnforcedUpdateDialog
ShowErrorBagUI
ShowErrorDialog
ShowFeatureBlockStreamingUI
ShowLessAggressiveProcessKillerDialog
ShowModificationInProgressDialog
ShowOffice15InstallationBlockedUI
ShowPackageLockedDialog
ShowPartialRepairDialog
ShowPostPartialRepairDialog
ShowPostUninstallDialog
ShowPrePartialRepairDialog
ShowPreUninstallDialog
ShowPrereqFailureDialog
ShowProcessKillerDialog
ShowProcessKillerFailureDialog
ShowProgressAgent
ShowProgressAgentInstallationBlocked
ShowRepairDialog
ShowRepairTypePickerDialog
ShowRestartNotifyDialog
ShowRetryUI
ShowStreamingCompleteToast
ShowSxSAppRemovalNotifyDialog
ShowTouchlessAttachNotification
ShowUninstallDialog
ShowUnsupportedSxSConfigDialog
ShowUpdatesAreLateProgressAgent
ShowUpdatesCompleteProgressAgent
ShowUpdatesInProgressProgressAgent
ShowUpdatesReadyToApplyDialog
ShowWaitingPackageLockedDialog
StartApplyProgress
StartClientDownloadProgress
StartDetectionProgress
StartDownloadProgress
StartFullRepairProgress
StartPartialRepairProgress
StartProcessShutDownProgress
StartUninstallProgress
UpdateLabelForC2RSplashScreen
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 651KB - Virtual size: 650KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 59KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 70KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 536KB - Virtual size: 536KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
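The following Python script is an added example, not part of this report's tooling and not Microsoft's code. It parses a PE32+ image the way a static scanner does to recover the three kinds of facts listed above: the IMAGE_FILE_* and IMAGE_DLLCHARACTERISTICS_* flags under Headers, whether the security data directory is populated (which is what the "Unsigned PE" signature tests), and the section table with its IMAGE_SCN_* characteristics under Sections. The image it runs on is constructed in memory by build_sample() and is not c2rui.dll; its flag values and section names only mirror the report. The struct offsets follow the PE/COFF specification for PE32+ optional headers.

```python
"""Static PE32+ triage: mitigation flags, embedded Authenticode, section table.
Added example for this report; not the report's tooling and not Microsoft's code.
The image it runs on is constructed in build_sample() and is NOT c2rui.dll."""
import struct

FILE_CHARACTERISTICS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
                        0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
                        0x2000: "IMAGE_FILE_DLL"}
DLL_CHARACTERISTICS = {0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
                       0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
                       0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
                       0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF"}
SECTION_FLAGS = {0x00000020: "IMAGE_SCN_CNT_CODE",
                 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
                 0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
                 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
                 0x40000000: "IMAGE_SCN_MEM_READ",
                 0x80000000: "IMAGE_SCN_MEM_WRITE"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot of the Attribute Certificate Table


def _flags(value, table):
    return [name for bit, name in table.items() if value & bit]


def parse_pe(data: bytes) -> dict:
    """Recover the report's Headers/Signatures/Sections facts from raw PE32+ bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x20B:
        raise ValueError("only PE32+ (x64) images are handled here")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]       # DllCharacteristics
    ndirs = struct.unpack_from("<I", data, opt + 108)[0]          # NumberOfRvaAndSizes
    dirs = [struct.unpack_from("<II", data, opt + 112 + 8 * i) for i in range(ndirs)]
    # Slot 4 holds a file offset (not an RVA) and size of the WIN_CERTIFICATE blob;
    # both zero means the file carries no embedded Authenticode signature.
    cert_off, cert_size = dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] if ndirs > 4 else (0, 0)
    sections, table = [], opt + opt_size
    for i in range(nsec):
        name, vsize, _, raw, _, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": raw, "flags": _flags(chars, SECTION_FLAGS)})
    return {"machine": machine,
            "file_characteristics": _flags(file_chars, FILE_CHARACTERISTICS),
            "dll_characteristics": _flags(dll_chars, DLL_CHARACTERISTICS),
            "authenticode_embedded": cert_off != 0 and cert_size != 0,
            "sections": sections}


def triage(info: dict) -> list:
    """One-line findings in the style of the report's Signatures block."""
    findings = []
    if not info["authenticode_embedded"]:
        findings.append("Unsigned PE: no embedded Authenticode signature "
                        "(catalog-signed system files also match; verify against the catalog)")
    missing = [n for n in DLL_CHARACTERISTICS.values() if n not in info["dll_characteristics"]]
    if missing:
        findings.append("Missing mitigations: " + ", ".join(missing))
    for s in info["sections"]:
        if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= set(s["flags"]):
            findings.append(f"Section {s['name']} is writable and executable")
    return findings


def build_sample(dll_chars: int, signed: bool, sections) -> bytes:
    """Constructed minimal PE32+ image (test data only, not a real DLL)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew -> 0x40
    opt_size = 112 + 8 * 16                                        # 16 data directories
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, opt_size, 0x2022)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)                          # PE32+ magic
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 108, 16)
    if signed:  # point slot 4 at a hypothetical certificate blob
        struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x2000)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), v, 0x1000 * (i + 1), v, 0, 0, 0, 0, 0, c)
                     for i, (n, v, c) in enumerate(sections))
    return dos + b"PE\0\0" + coff + bytes(opt) + table


# Constructed sample mirroring the report: all four mitigations, no embedded signature.
SAMPLE = build_sample(0x0020 | 0x0040 | 0x0100 | 0x4000, signed=False,
                      sections=[(".text", 0x1A0000, 0x60000020),
                                (".data", 0x17000, 0xC0000040),
                                (".reloc", 0x6800, 0x42000040)])

if __name__ == "__main__":
    info = parse_pe(SAMPLE)
    print(info["dll_characteristics"], info["authenticode_embedded"])
    for line in triage(info):
        print("*", line)
```

To run it against a real file, call parse_pe(open(path, "rb").read()) on an x64 DLL. Two practitioner caveats the report's flat fields do not spell out: the unsigned finding means only that no embedded certificate table exists, so a file signed through a Windows catalog looks identical at this layer, and a writable data section such as the .didat entry above is expected for a delay-load import table, which the loader patches at run time.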