Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Sldl84wxy8.exe
|
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\2eHfvuySzqzZl8qUAC9nldhe9q6\ffmpeg.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\2eHfvuySzqzZl8qUAC9nldhe9q6\libEGL.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\2eHfvuySzqzZl8qUAC9nldhe9q6\libGLESv2.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\2eHfvuySzqzZl8qUAC9nldhe9q6\main.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\2eHfvuySzqzZl8qUAC9nldhe9q6\vk_swiftshader.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\build.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\ffmpeg.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\libEGL.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\libGLESv2.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\main.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\vk_swiftshader.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\vulkan-1.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\start.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\svchost (3).exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\UserData\Updater.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\svchos.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost (3).exe_6122bbe2fa8fede73f613859bbd18b79843c243_1f2af782_88721aa2-c727-47e9-bfe6-32bf9bdb24f2\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAF87.tmp.dmp
|
Mini DuMP crash report, 16 streams, Thu Mar 28 15:24:59 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB247.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB267.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\start.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\svchos.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2eHfvuySzqzZl8qUAC9nldhe9q6\LICENSE.electron.txt
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2eHfvuySzqzZl8qUAC9nldhe9q6\LICENSES.chromium.html
|
HTML document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2eHfvuySzqzZl8qUAC9nldhe9q6\chrome_100_percent.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2eHfvuySzqzZl8qUAC9nldhe9q6\chrome_200_percent.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2eHfvuySzqzZl8qUAC9nldhe9q6\d3dcompiler_47.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2eHfvuySzqzZl8qUAC9nldhe9q6\icudtl.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2eHfvuySzqzZl8qUAC9nldhe9q6\resources.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2eHfvuySzqzZl8qUAC9nldhe9q6\snapshot_blob.bin
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2eHfvuySzqzZl8qUAC9nldhe9q6\v8_context_snapshot.bin
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\LICENSE.electron.txt
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\LICENSES.chromium.html
|
HTML document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\chrome_100_percent.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\chrome_200_percent.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\d3dcompiler_47.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\icudtl.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\af.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\am.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\ar.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\bg.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\bn.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\ca.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\cs.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\da.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\de.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\el.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\en-GB.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\en-US.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\es-419.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\es.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\et.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\fa.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\fi.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\fil.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\fr.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\gu.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\he.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\hi.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\hr.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\hu.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\id.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\it.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\ja.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\kn.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\ko.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\lt.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\lv.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\ml.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\mr.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\ms.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\nb.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\nl.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\pl.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\pt-BR.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\pt-PT.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\ro.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\ru.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\sk.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\sl.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\sr.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\sv.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\sw.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\ta.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\te.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\th.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\tr.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\uk.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\ur.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\vi.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\zh-CN.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\locales\zh-TW.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\resources.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\resources\app.asar
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\resources\elevate.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\snapshot_blob.bin
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\v8_context_snapshot.bin
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\7z-out\vk_swiftshader_icd.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\app-64.7z
|
7-zip archive data, version 0.4
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsdAE7E.tmp\nsis7z.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpC5CE.tmp.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\main\65fb37c4-965f-4a20-8228-f0ff42ba6aa0.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\main\Local State (copy)
|
JSON data
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
\Device\Null
|
ASCII text, with CRLF line terminators, with overstriking
|
dropped
|
There are 99 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Sldl84wxy8.exe
|
"C:\Users\user\Desktop\Sldl84wxy8.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\svchost (3).exe
|
"C:\Users\user\AppData\Local\Temp\svchost (3).exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\build.exe
|
"C:\Users\user\AppData\Local\Temp\build.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\start.exe
|
"C:\Users\user\AppData\Local\Temp\start.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "svchos" /tr '"C:\Users\user\AppData\Roaming\svchos.exe"'
& exit
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmpC5CE.tmp.bat""
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks /create /f /sc onlogon /rl highest /tn "svchos" /tr '"C:\Users\user\AppData\Roaming\svchos.exe"'
|
|
|
|
C:\Users\user\AppData\Roaming\svchos.exe
|
C:\Users\user\AppData\Roaming\svchos.exe
|
|
|
|
C:\Users\user\AppData\Roaming\svchos.exe
|
"C:\Users\user\AppData\Roaming\svchos.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\2eHfvuySzqzZl8qUAC9nldhe9q6\main.exe
|
C:\Users\user\AppData\Local\Temp\2eHfvuySzqzZl8qUAC9nldhe9q6\main.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\2eHfvuySzqzZl8qUAC9nldhe9q6\main.exe
|
"C:\Users\user\AppData\Local\Temp\2eHfvuySzqzZl8qUAC9nldhe9q6\main.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\main"
--gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA=
--mojo-platform-channel-handle=1628 --field-trial-handle=1804,i,13840549230161023294,8166055529436649355,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand
/prefetch:2
|
|
|
|
C:\Users\user\AppData\Local\Temp\2eHfvuySzqzZl8qUAC9nldhe9q6\main.exe
|
"C:\Users\user\AppData\Local\Temp\2eHfvuySzqzZl8qUAC9nldhe9q6\main.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\main" --mojo-platform-channel-handle=2140
--field-trial-handle=1804,i,13840549230161023294,8166055529436649355,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand
/prefetch:8
|
|
|
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 6728 -s 1172
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\timeout.exe
|
timeout 3
|
There are 8 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
leetboy.dynuddns.net
|
|
||
|
https://doh.cox.net/dns-querydot.cox.net68.105.28.1168.105.28.122001:578:3f::30
|
unknown
|
||
|
https://support.google.com/chrome/answer/6098869
|
unknown
|
||
|
https://dns10.quad9.net/dns-query
|
unknown
|
||
|
https://www.google.com/chrome/privacy/eula_text.html
|
unknown
|
||
|
https://chromium.dns.nextdns.io
|
unknown
|
||
|
http://www.unicode.org/copyright.html
|
unknown
|
||
|
https://www.google.com/chrome/privacy/eula_text.htmlPod
|
unknown
|
||
|
https://doh.familyshield.opendns.com/dns-query
|
unknown
|
||
|
https://chrome.google.com/webstore?hl=hrPre
|
unknown
|
||
|
https://doh.cleanbrowsing.org/doh/security-filter
|
unknown
|
||
|
https://chrome.google.com/webstore?hl=ml
|
unknown
|
||
|
https://dns.google/dns-query
|
unknown
|
||
|
https://www.google.com/chrome/privacy/eula_text.htmlHaldab
|
unknown
|
||
|
https://public.dns.iij.jp/
|
unknown
|
||
|
https://chrome.google.com/webstore?hl=et&category=theme81https://myactivity.google.com/myactivity/?u
|
unknown
|
||
|
https://chrome.google.com/webstore?hl=te&category=theme81https://myactivity.google.com/myactivity/?u
|
unknown
|
||
|
https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/Cloudflare
|
unknown
|
||
|
https://photos.google.com/settings?referrer=CHROME_NTP
|
unknown
|
||
|
https://doh.cox.net/dns-query
|
unknown
|
||
|
https://myactivity.google.com/
|
unknown
|
||
|
https://perfetto.dev/docs/contributing/getting-started#community).No
|
unknown
|
||
|
https://dns11.quad9.net/dns-querydns11.quad9.net9.9.9.11149.112.112.112620:fe::112620:fe::fe:11Pd
|
unknown
|
||
|
https://doh.quickline.ch/dns-query
|
unknown
|
||
|
https://www.nic.cz/odvr/
|
unknown
|
||
|
https://chrome-devtools-frontend.appspot.com/
|
unknown
|
||
|
https://developers.google.com/speed/public-dns/privacy
|
unknown
|
||
|
https://dns11.quad9.net/dns-query
|
unknown
|
||
|
https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/
|
unknown
|
||
|
https://chrome.google.com/webstore?hl=etOtsetee
|
unknown
|
||
|
https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrl
|
unknown
|
||
|
https://chromeenterprise.google/policies/#BrowserSwitcherUrlList
|
unknown
|
||
|
https://passwords.google.com
|
unknown
|
||
|
https://www.nic.cz/odvr/CZ.NIC
|
unknown
|
||
|
https://policies.google.com/
|
unknown
|
||
|
https://doh-02.spectrum.com/dns-query
|
unknown
|
||
|
https://chrome.google.com/webstore?hl=th&category=theme81https://myactivity.google.com/myactivity/?u
|
unknown
|
||
|
https://public.dns.iij.jp/dns-queryIijUShttps://nextdns.io/privacyNextDNShttps://chromium.dns.nextdn
|
unknown
|
||
|
https://www.quad9.net/home/privacy/Quad9
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://perfetto.dev/docs/contributing/getting-started#community).
|
unknown
|
||
|
https://public.dns.iij.jp/IIJ
|
unknown
|
||
|
https://chrome.google.com/webstore?hl=te
|
unknown
|
||
|
https://chromeenterprise.google/policies/#BrowserSwitcherEnabled
|
unknown
|
||
|
https://dns10.quad9.net/dns-querydns10.quad9.net9.9.9.10149.112.112.102620:fe::102620:fe::fe:10
|
unknown
|
||
|
https://cleanbrowsing.org/privacyCleanBrowsing
|
unknown
|
||
|
https://nextdns.io/privacy
|
unknown
|
||
|
https://odvr.nic.cz/doh
|
unknown
|
||
|
https://chrome.google.com/webstore/category/extensions
|
unknown
|
||
|
https://doh.cleanbrowsing.org/doh/family-filter
|
unknown
|
||
|
https://support.google.com/chromebook?p=app_intent
|
unknown
|
||
|
https://doh.xfinity.com/dns-query
|
unknown
|
||
|
https://alekberg.net/privacyalekberg.net
|
unknown
|
||
|
https://cleanbrowsing.org/privacy
|
unknown
|
||
|
https://www.quad9.net/home/privacy/
|
unknown
|
||
|
https://chrome.google.com/webstore?hl=ml&category=theme81https://myactivity.google.com/myactivity/?u
|
unknown
|
||
|
https://chrome.google.com/webstore?hl=th
|
unknown
|
||
|
https://developers.google.com/speed/public-dns/privacyGoogle
|
unknown
|
||
|
https://chrome.cloudflare-dns.com/dns-queryone.one.one.one1dot1dot1dot1.cloudflare-dns.com1.1.1.11.0
|
unknown
|
||
|
https://dns64.dns.google/dns-query
|
unknown
|
||
|
https://doh.cleanbrowsing.org/doh/adult-filter
|
unknown
|
||
|
https://doh.opendns.com/dns-query
|
unknown
|
||
|
https://passwords.google.comGoogle
|
unknown
|
||
|
https://doh-01.spectrum.com/dns-query
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
https://dns.quad9.net/dns-query
|
unknown
|
||
|
https://chrome.google.com/webstore?hl=hi&category=theme81https://myactivity.google.com/myactivity/?u
|
unknown
|
||
|
https://www.cisco.com/c/en/us/about/legal/privacy-full.html
|
unknown
|
||
|
https://dns.quad9.net/dns-querydns.quad9.netdns9.quad9.net9.9.9.9149.112.112.1122620:fe::fe2620:fe::
|
unknown
|
||
|
https://chrome.google.com/webstore?hl=hr&category=theme81https://myactivity.google.com/myactivity/?u
|
unknown
|
||
|
https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrl
|
unknown
|
||
|
https://dns.sb/privacy/DNS.SBhttps://doh.dns.sb/dns-query
|
unknown
|
||
|
https://chrome.cloudflare-dns.com/dns-query
|
unknown
|
||
|
https://odvr.nic.cz/dohodvr.nic.cz185.43.135.1193.17.47.12001:148f:fffe::12001:148f:ffff::1
|
unknown
|
||
|
https://chrome-devtools-frontend.appspot.com/%s%s/%s/NetworkResourceLoaderstreamWriteInspectableWebC
|
unknown
|
||
|
https://public.dns.iij.jp/dns-query
|
unknown
|
||
|
https://chromeenterprise.google/policies/#BrowserSwitcherUseIeSitelist
|
unknown
|
||
|
https://chrome.google.com/webstore?hl=hi
|
unknown
|
||
|
https://dns.sb/privacy/
|
unknown
|
||
|
https://doh.dns.sb/dns-query
|
unknown
|
||
|
https://support.google.com/chrome/a/?p=block_warn
|
unknown
|
||
|
https://alekberg.net/privacy
|
unknown
|
||
|
https://dnsnl.alekberg.net/dns-query
|
unknown
|
||
|
https://chromeenterprise.google/policies/#BrowserSwitcherUrlGreylist
|
unknown
|
There are 74 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
blue.o7lab.me
|
94.156.66.112
|
|
|
|
leetboy.dynuddns.net
|
185.196.11.223
|
|
|
|
rentry.co
|
104.21.95.148
|
||
|
cosmicdust.zip
|
192.236.232.25
|
||
|
cosmoplanets.net
|
172.67.142.111
|
||
|
windowsupdatebg.s.llnwi.net
|
69.164.0.0
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
94.156.66.112
|
blue.o7lab.me
|
Bulgaria
|
|
|
|
185.196.11.223
|
leetboy.dynuddns.net
|
Switzerland
|
|
|
|
192.236.232.25
|
cosmicdust.zip
|
United States
|
||
|
172.67.142.111
|
cosmoplanets.net
|
United States
|
||
|
104.21.95.148
|
rentry.co
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\ActiveMovie\devenum
|
Version
|
||
|
\REGISTRY\A\{24f3e0ce-d2d2-6c22-27e0-31c3053927ab}\Root\InventoryApplicationFile\svchost (3).exe|d4254f46eac0690f
|
ProgramId
|
||
|
\REGISTRY\A\{24f3e0ce-d2d2-6c22-27e0-31c3053927ab}\Root\InventoryApplicationFile\svchost (3).exe|d4254f46eac0690f
|
FileId
|
||
|
\REGISTRY\A\{24f3e0ce-d2d2-6c22-27e0-31c3053927ab}\Root\InventoryApplicationFile\svchost (3).exe|d4254f46eac0690f
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{24f3e0ce-d2d2-6c22-27e0-31c3053927ab}\Root\InventoryApplicationFile\svchost (3).exe|d4254f46eac0690f
|
LongPathHash
|
||
|
\REGISTRY\A\{24f3e0ce-d2d2-6c22-27e0-31c3053927ab}\Root\InventoryApplicationFile\svchost (3).exe|d4254f46eac0690f
|
Name
|
||
|
\REGISTRY\A\{24f3e0ce-d2d2-6c22-27e0-31c3053927ab}\Root\InventoryApplicationFile\svchost (3).exe|d4254f46eac0690f
|
OriginalFileName
|
||
|
\REGISTRY\A\{24f3e0ce-d2d2-6c22-27e0-31c3053927ab}\Root\InventoryApplicationFile\svchost (3).exe|d4254f46eac0690f
|
Publisher
|
||
|
\REGISTRY\A\{24f3e0ce-d2d2-6c22-27e0-31c3053927ab}\Root\InventoryApplicationFile\svchost (3).exe|d4254f46eac0690f
|
Version
|
||
|
\REGISTRY\A\{24f3e0ce-d2d2-6c22-27e0-31c3053927ab}\Root\InventoryApplicationFile\svchost (3).exe|d4254f46eac0690f
|
BinFileVersion
|
||
|
\REGISTRY\A\{24f3e0ce-d2d2-6c22-27e0-31c3053927ab}\Root\InventoryApplicationFile\svchost (3).exe|d4254f46eac0690f
|
BinaryType
|
||
|
\REGISTRY\A\{24f3e0ce-d2d2-6c22-27e0-31c3053927ab}\Root\InventoryApplicationFile\svchost (3).exe|d4254f46eac0690f
|
ProductName
|
||
|
\REGISTRY\A\{24f3e0ce-d2d2-6c22-27e0-31c3053927ab}\Root\InventoryApplicationFile\svchost (3).exe|d4254f46eac0690f
|
ProductVersion
|
||
|
\REGISTRY\A\{24f3e0ce-d2d2-6c22-27e0-31c3053927ab}\Root\InventoryApplicationFile\svchost (3).exe|d4254f46eac0690f
|
LinkDate
|
||
|
\REGISTRY\A\{24f3e0ce-d2d2-6c22-27e0-31c3053927ab}\Root\InventoryApplicationFile\svchost (3).exe|d4254f46eac0690f
|
BinProductVersion
|
||
|
\REGISTRY\A\{24f3e0ce-d2d2-6c22-27e0-31c3053927ab}\Root\InventoryApplicationFile\svchost (3).exe|d4254f46eac0690f
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{24f3e0ce-d2d2-6c22-27e0-31c3053927ab}\Root\InventoryApplicationFile\svchost (3).exe|d4254f46eac0690f
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{24f3e0ce-d2d2-6c22-27e0-31c3053927ab}\Root\InventoryApplicationFile\svchost (3).exe|d4254f46eac0690f
|
Size
|
||
|
\REGISTRY\A\{24f3e0ce-d2d2-6c22-27e0-31c3053927ab}\Root\InventoryApplicationFile\svchost (3).exe|d4254f46eac0690f
|
Language
|
||
|
\REGISTRY\A\{24f3e0ce-d2d2-6c22-27e0-31c3053927ab}\Root\InventoryApplicationFile\svchost (3).exe|d4254f46eac0690f
|
Usn
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2451000
|
trusted library allocation
|
page read and write
|
|
|
|
252000
|
unkown
|
page readonly
|
|
|
|
24231491000
|
trusted library allocation
|
page read and write
|
|
|
|
2589000
|
trusted library allocation
|
page read and write
|
|
|
|
2250000
|
heap
|
page read and write
|
||
|
2977000
|
heap
|
page read and write
|
||
|
7FFB4B034000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B0F6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF6562AB000
|
unkown
|
page execute read
|
||
|
1120000
|
heap
|
page read and write
|
||
|
2D70000
|
heap
|
page execute and read and write
|
||
|
7FFB4B0D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
8C7000
|
heap
|
page read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
2C02000
|
unkown
|
page readonly
|
||
|
2422F7F2000
|
heap
|
page read and write
|
||
|
7FFB4B1D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F5000
|
heap
|
page read and write
|
||
|
7AD000
|
stack
|
page read and write
|
||
|
2422FAA5000
|
heap
|
page read and write
|
||
|
A0E000
|
unkown
|
page read and write
|
||
|
24C1000
|
trusted library allocation
|
page read and write
|
||
|
24231477000
|
trusted library allocation
|
page read and write
|
||
|
24249E40000
|
heap
|
page read and write
|
||
|
24249FC0000
|
heap
|
page read and write
|
||
|
24231403000
|
heap
|
page read and write
|
||
|
4B46000
|
heap
|
page read and write
|
||
|
2D6E000
|
stack
|
page read and write
|
||
|
7FF6580AB000
|
unkown
|
page execute read
|
||
|
A2E000
|
stack
|
page read and write
|
||
|
24DE000
|
stack
|
page read and write
|
||
|
24231431000
|
trusted library allocation
|
page read and write
|
||
|
4915000
|
trusted library allocation
|
page read and write
|
||
|
2D2E000
|
stack
|
page read and write
|
||
|
2422F7FB000
|
heap
|
page read and write
|
||
|
24249F50000
|
trusted library section
|
page read and write
|
||
|
2563000
|
trusted library allocation
|
page read and write
|
||
|
7FF656CAB000
|
unkown
|
page execute read
|
||
|
30D0000
|
heap
|
page read and write
|
||
|
FB0C6FE000
|
stack
|
page read and write
|
||
|
3151000
|
heap
|
page read and write
|
||
|
7FF658AAB000
|
unkown
|
page execute read
|
||
|
19A000
|
stack
|
page read and write
|
||
|
7FF6576AB000
|
unkown
|
page execute read
|
||
|
7E0000
|
trusted library allocation
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
7FF6526AB000
|
unkown
|
page execute read
|
||
|
7FF447DE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
FB0C8FA000
|
stack
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
2D50000
|
heap
|
page read and write
|
||
|
53B0000
|
heap
|
page read and write
|
||
|
3250000
|
heap
|
page read and write
|
||
|
2520000
|
heap
|
page read and write
|
||
|
FB0C0FF000
|
stack
|
page read and write
|
||
|
2AD1000
|
heap
|
page read and write
|
||
|
2D8D000
|
heap
|
page read and write
|
||
|
3602000
|
unkown
|
page readonly
|
||
|
24DB000
|
trusted library allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
7FF6558AB000
|
unkown
|
page execute read
|
||
|
7F4000
|
trusted library allocation
|
page read and write
|
||
|
7FF653AAB000
|
unkown
|
page execute read
|
||
|
2CBE000
|
stack
|
page read and write
|
||
|
7FFB4B010000
|
trusted library allocation
|
page read and write
|
||
|
2340000
|
heap
|
page execute and read and write
|
||
|
7FF6530AB000
|
unkown
|
page execute read
|
||
|
2422F7D0000
|
heap
|
page read and write
|
||
|
11A5000
|
heap
|
page read and write
|
||
|
496E000
|
stack
|
page read and write
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
252C000
|
trusted library allocation
|
page read and write
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
116E000
|
stack
|
page read and write
|
||
|
2F3E000
|
stack
|
page read and write
|
||
|
2553000
|
trusted library allocation
|
page read and write
|
||
|
695000
|
heap
|
page read and write
|
||
|
3251000
|
heap
|
page read and write
|
||
|
7FFB4B014000
|
trusted library allocation
|
page read and write
|
||
|
2527000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
7FFB4B03B000
|
trusted library allocation
|
page execute and read and write
|
||
|
85D000
|
stack
|
page read and write
|
||
|
2422F8BF000
|
heap
|
page read and write
|
||
|
14BF000
|
stack
|
page read and write
|
||
|
2D5C000
|
heap
|
page read and write
|
||
|
253D000
|
trusted library allocation
|
page read and write
|
||
|
3410000
|
heap
|
page read and write
|
||
|
2C02000
|
unkown
|
page readonly
|
||
|
3F41000
|
trusted library allocation
|
page read and write
|
||
|
2F51000
|
heap
|
page read and write
|
||
|
7FFB4B028000
|
trusted library allocation
|
page read and write
|
||
|
25BF000
|
stack
|
page read and write
|
||
|
2422F812000
|
heap
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
838000
|
heap
|
page read and write
|
||
|
7FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B013000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DD1000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
2D7D000
|
heap
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
2270000
|
heap
|
page read and write
|
||
|
2424AFD0000
|
heap
|
page read and write
|
||
|
2500000
|
trusted library allocation
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
2579000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B0CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
24249FC5000
|
heap
|
page read and write
|
||
|
2474000
|
trusted library allocation
|
page read and write
|
||
|
14F0000
|
trusted library allocation
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
3351000
|
heap
|
page read and write
|
||
|
7FF658C22000
|
unkown
|
page readonly
|
||
|
257E000
|
stack
|
page read and write
|
||
|
7FF654EAB000
|
unkown
|
page execute read
|
||
|
E02000
|
unkown
|
page readonly
|
||
|
2422FB20000
|
heap
|
page read and write
|
||
|
FB0C9FD000
|
stack
|
page read and write
|
||
|
2E50000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
254E000
|
trusted library allocation
|
page read and write
|
||
|
2422FB85000
|
heap
|
page read and write
|
||
|
2422F752000
|
unkown
|
page readonly
|
||
|
21F0000
|
trusted library allocation
|
page read and write
|
||
|
30D1000
|
heap
|
page read and write
|
||
|
1802000
|
unkown
|
page readonly
|
||
|
1000000
|
heap
|
page read and write
|
||
|
4910000
|
trusted library allocation
|
page read and write
|
||
|
7FF658C32000
|
unkown
|
page readonly
|
||
|
2951000
|
heap
|
page read and write
|
||
|
2A51000
|
heap
|
page read and write
|
||
|
12EA000
|
heap
|
page read and write
|
||
|
82A000
|
trusted library allocation
|
page execute and read and write
|
||
|
5380000
|
heap
|
page read and write
|
||
|
250000
|
unkown
|
page readonly
|
||
|
7FFB4B1CF000
|
trusted library allocation
|
page read and write
|
||
|
2202000
|
unkown
|
page readonly
|
||
|
458E000
|
stack
|
page read and write
|
||
|
D99000
|
stack
|
page read and write
|
||
|
572C000
|
stack
|
page read and write
|
||
|
500E000
|
stack
|
page read and write
|
||
|
2D8E000
|
heap
|
page read and write
|
||
|
12F5000
|
heap
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
85A000
|
heap
|
page read and write
|
||
|
849000
|
heap
|
page read and write
|
||
|
24231400000
|
heap
|
page read and write
|
||
|
24241431000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
251F000
|
stack
|
page read and write
|
||
|
1520000
|
trusted library allocation
|
page read and write
|
||
|
510E000
|
stack
|
page read and write
|
||
|
2422FB10000
|
trusted library section
|
page readonly
|
||
|
C9C000
|
stack
|
page read and write
|
||
|
7FF650E10000
|
unkown
|
page readonly
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
2D8E000
|
heap
|
page read and write
|
||
|
2F4F000
|
stack
|
page read and write
|
||
|
1530000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F0E000
|
stack
|
page read and write
|
||
|
4C0E000
|
stack
|
page read and write
|
||
|
5480000
|
heap
|
page read and write
|
||
|
7FFB4B1F0000
|
trusted library allocation
|
page read and write
|
||
|
2422FAA0000
|
heap
|
page read and write
|
||
|
24C3000
|
trusted library allocation
|
page read and write
|
||
|
24C9000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B200000
|
trusted library allocation
|
page read and write
|
||
|
3F9000
|
stack
|
page read and write
|
||
|
7FF651CAB000
|
unkown
|
page execute read
|
||
|
7FF6512AB000
|
unkown
|
page execute read
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
2D50000
|
heap
|
page read and write
|
||
|
24249D00000
|
heap
|
page execute and read and write
|
||
|
2422FB80000
|
heap
|
page read and write
|
||
|
7CA000
|
heap
|
page read and write
|
||
|
7FF658C19000
|
unkown
|
page readonly
|
||
|
24249E50000
|
heap
|
page read and write
|
||
|
2B51000
|
heap
|
page read and write
|
||
|
7FF650E11000
|
unkown
|
page execute read
|
||
|
2422F810000
|
heap
|
page read and write
|
||
|
2202000
|
unkown
|
page readonly
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
49AE000
|
stack
|
page read and write
|
||
|
2A90000
|
heap
|
page read and write
|
||
|
2970000
|
heap
|
page read and write
|
||
|
2D8E000
|
heap
|
page read and write
|
||
|
2FD1000
|
heap
|
page read and write
|
||
|
7FFB4B1C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B230000
|
trusted library allocation
|
page execute and read and write
|
||
|
402000
|
unkown
|
page readonly
|
||
|
547C000
|
stack
|
page read and write
|
||
|
2422F9C0000
|
heap
|
page read and write
|
||
|
7FFB4B020000
|
trusted library allocation
|
page read and write
|
||
|
12B0000
|
trusted library allocation
|
page read and write
|
||
|
3390000
|
heap
|
page read and write
|
||
|
2D7D000
|
heap
|
page read and write
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
2C10000
|
heap
|
page read and write
|
||
|
24E7000
|
trusted library allocation
|
page read and write
|
||
|
24F0000
|
trusted library allocation
|
page read and write
|
||
|
2422FA50000
|
trusted library allocation
|
page read and write
|
||
|
2FC000
|
stack
|
page read and write
|
||
|
2FBF000
|
heap
|
page read and write
|
||
|
2424B5D2000
|
trusted library allocation
|
page read and write
|
||
|
3310000
|
heap
|
page read and write
|
||
|
11A0000
|
heap
|
page read and write
|
||
|
503E000
|
stack
|
page read and write
|
||
|
33D1000
|
heap
|
page read and write
|
||
|
800000
|
trusted library allocation
|
page read and write
|
||
|
2424B031000
|
heap
|
page read and write
|
||
|
2422F83D000
|
heap
|
page read and write
|
||
|
250D000
|
trusted library allocation
|
page read and write
|
||
|
54F0000
|
heap
|
page execute and read and write
|
||
|
2B70000
|
heap
|
page read and write
|
||
|
7FF6526AB000
|
unkown
|
page execute read
|
||
|
54B0000
|
trusted library allocation
|
page read and write
|
||
|
2E10000
|
heap
|
page read and write
|
||
|
2D7D000
|
heap
|
page read and write
|
||
|
7FFB4B06C000
|
trusted library allocation
|
page execute and read and write
|
||
|
822000
|
trusted library allocation
|
page read and write
|
||
|
3110000
|
heap
|
page read and write
|
||
|
3010000
|
heap
|
page read and write
|
||
|
2C7F000
|
unkown
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
24D9000
|
trusted library allocation
|
page read and write
|
||
|
2422F8B4000
|
heap
|
page read and write
|
||
|
2490000
|
heap
|
page read and write
|
||
|
FB0BFFF000
|
stack
|
page read and write
|
||
|
41C000
|
stack
|
page read and write
|
||
|
7FFB4B012000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B130000
|
trusted library allocation
|
page execute and read and write
|
||
|
259F000
|
trusted library allocation
|
page read and write
|
||
|
14FB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1500000
|
heap
|
page read and write
|
||
|
2F41000
|
trusted library allocation
|
page read and write
|
||
|
257E000
|
trusted library allocation
|
page read and write
|
||
|
7FF6558AB000
|
unkown
|
page execute read
|
||
|
7FFB4B03D000
|
trusted library allocation
|
page execute and read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
A10000
|
heap
|
page read and write
|
||
|
2320000
|
trusted library allocation
|
page read and write
|
||
|
3290000
|
heap
|
page read and write
|
||
|
FB0C5FE000
|
stack
|
page read and write
|
||
|
24241437000
|
trusted library allocation
|
page read and write
|
||
|
FB0C2FD000
|
stack
|
page read and write
|
||
|
50B000
|
unkown
|
page readonly
|
||
|
7FF650E10000
|
unkown
|
page readonly
|
||
|
7FF650E11000
|
unkown
|
page execute read
|
||
|
95C000
|
stack
|
page read and write
|
||
|
2422F9E0000
|
heap
|
page read and write
|
||
|
14E7000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D7D000
|
heap
|
page read and write
|
||
|
3451000
|
heap
|
page read and write
|
||
|
223E000
|
stack
|
page read and write
|
||
|
14D4000
|
trusted library allocation
|
page read and write
|
||
|
7F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
402000
|
unkown
|
page readonly
|
||
|
24249D10000
|
heap
|
page read and write
|
||
|
13B1000
|
heap
|
page read and write
|
||
|
2851000
|
heap
|
page read and write
|
||
|
2422FA80000
|
trusted library allocation
|
page read and write
|
||
|
7C1000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
2D7E000
|
heap
|
page read and write
|
||
|
3602000
|
unkown
|
page readonly
|
||
|
7FFB4B0C0000
|
trusted library allocation
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
31D1000
|
heap
|
page read and write
|
||
|
12C0000
|
heap
|
page read and write
|
||
|
7FFB4B022000
|
trusted library allocation
|
page read and write
|
||
|
14C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2422F8E0000
|
heap
|
page read and write
|
||
|
14C4000
|
trusted library allocation
|
page read and write
|
||
|
FB0C4FE000
|
stack
|
page read and write
|
||
|
7FFB4B210000
|
trusted library allocation
|
page read and write
|
||
|
2422F7DC000
|
heap
|
page read and write
|
||
|
21D7000
|
trusted library allocation
|
page execute and read and write
|
||
|
7C3000
|
heap
|
page read and write
|
||
|
4D10000
|
heap
|
page read and write
|
||
|
FB0C1FE000
|
stack
|
page read and write
|
||
|
7FF651CAB000
|
unkown
|
page execute read
|
||
|
402000
|
unkown
|
page readonly
|
||
|
7FF653AAB000
|
unkown
|
page execute read
|
||
|
2422FA00000
|
heap
|
page read and write
|
||
|
24249D20000
|
heap
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
7FFB4B030000
|
trusted library allocation
|
page read and write
|
||
|
14D0000
|
trusted library allocation
|
page read and write
|
||
|
2424B016000
|
heap
|
page read and write
|
||
|
3051000
|
heap
|
page read and write
|
||
|
432D000
|
unkown
|
page readonly
|
||
|
2525000
|
trusted library allocation
|
page read and write
|
||
|
250F000
|
trusted library allocation
|
page read and write
|
||
|
2422FA70000
|
trusted library allocation
|
page read and write
|
||
|
2CD1000
|
heap
|
page read and write
|
||
|
2422F750000
|
unkown
|
page readonly
|
||
|
490E000
|
stack
|
page read and write
|
||
|
E02000
|
unkown
|
page readonly
|
||
|
14F7000
|
trusted library allocation
|
page execute and read and write
|
||
|
3090000
|
heap
|
page read and write
|
||
|
2545000
|
trusted library allocation
|
page read and write
|
||
|
7FF6530AB000
|
unkown
|
page execute read
|
||
|
7FFB4B02D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4002000
|
unkown
|
page readonly
|
||
|
2900000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
2539000
|
trusted library allocation
|
page read and write
|
||
|
2422FAE0000
|
heap
|
page read and write
|
||
|
2422F7FD000
|
heap
|
page read and write
|
||
|
2422F83B000
|
heap
|
page read and write
|
||
|
866000
|
heap
|
page read and write
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
2E20000
|
trusted library allocation
|
page read and write
|
||
|
255B000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B1E0000
|
trusted library allocation
|
page read and write
|
||
|
24E9000
|
trusted library allocation
|
page read and write
|
||
|
242317F0000
|
trusted library allocation
|
page read and write
|
||
|
4AD0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
4ACF000
|
stack
|
page read and write
|
||
|
2D8E000
|
heap
|
page read and write
|
||
|
FB0C7FE000
|
stack
|
page read and write
|
||
|
14E0000
|
trusted library allocation
|
page read and write
|
||
|
12F7000
|
heap
|
page read and write
|
||
|
7FF6512AB000
|
unkown
|
page execute read
|
||
|
21DB000
|
trusted library allocation
|
page execute and read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
827000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D8E000
|
heap
|
page read and write
|
||
|
3451000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B01D000
|
trusted library allocation
|
page execute and read and write
|
||
|
253B000
|
trusted library allocation
|
page read and write
|
||
|
1540000
|
heap
|
page read and write
|
||
|
7FFB4B0C6000
|
trusted library allocation
|
page read and write
|
||
|
244E000
|
stack
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
2BD1000
|
heap
|
page read and write
|
||
|
448C000
|
stack
|
page read and write
|
||
|
2422FB40000
|
heap
|
page execute and read and write
|
||
|
12AE000
|
stack
|
page read and write
|
||
|
24249460000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B220000
|
trusted library allocation
|
page read and write
|
||
|
FB0BEF3000
|
stack
|
page read and write
|
||
|
24241441000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B212000
|
trusted library allocation
|
page read and write
|
||
|
24231420000
|
heap
|
page read and write
|
||
|
262000
|
unkown
|
page readonly
|
||
|
2423153E000
|
trusted library allocation
|
page read and write
|
||
|
FB0C3FC000
|
stack
|
page read and write
|
||
|
2851000
|
heap
|
page read and write
|
||
|
8DC000
|
heap
|
page read and write
|
||
|
28D1000
|
heap
|
page read and write
|
||
|
21D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B1B0000
|
trusted library allocation
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
14EA000
|
trusted library allocation
|
page execute and read and write
|
||
|
1802000
|
unkown
|
page readonly
|
||
|
33D0000
|
heap
|
page read and write
|
||
|
24249D49000
|
heap
|
page read and write
|
||
|
3475000
|
trusted library allocation
|
page read and write
|
||
|
3DC000
|
stack
|
page read and write
|
||
|
3350000
|
heap
|
page read and write
|
||
|
24241590000
|
trusted library allocation
|
page read and write
|
||
|
2568000
|
trusted library allocation
|
page read and write
|
||
|
7FF654EAB000
|
unkown
|
page execute read
|
||
|
14CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
32D1000
|
heap
|
page read and write
|
||
|
7FF6544AB000
|
unkown
|
page execute read
|
||
|
830000
|
heap
|
page read and write
|
||
|
2422FA83000
|
trusted library allocation
|
page read and write
|
||
|
251B000
|
trusted library allocation
|
page read and write
|
||
|
2547000
|
trusted library allocation
|
page read and write
|
||
|
863000
|
heap
|
page read and write
|
||
|
2530000
|
heap
|
page read and write
|
||
|
111E000
|
stack
|
page read and write
|
||
|
49C0000
|
heap
|
page execute and read and write
|
||
|
2240000
|
trusted library allocation
|
page execute and read and write
|
||
|
2ED1000
|
heap
|
page read and write
|
||
|
7FF6544AB000
|
unkown
|
page execute read
|
There are 373 hidden memdumps, click here to show them.