IOC Report
Setup_TimeFreeze.exe

Files

File Path
Type
Category
Malicious
Download
Setup_TimeFreeze.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
C:\ProgramData\USOShared\Logs\System\UpdateSessionOrchestration.53feef38-bede-4783-a596-47fc4a107d6c.1.etl
data
dropped
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\TOOLWIZTIMEFREEZE\TOOLWIZTIMEFREEZE.CACHE
data
dropped
C:\TOOLWIZTIMEFREEZE\TOOLWIZTIMEFREEZE.CONFIG
data
dropped
C:\Users\user\AppData\Local\Temp\5780968.ini
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 18 14:50:08 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 18 14:50:07 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 18 14:50:07 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 18 14:50:08 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 18 14:50:07 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
Unicode text, UTF-16, little-endian text, with CRLF line terminators
modified
Chrome Cache Entry: 118
GIF image data, version 87a, 1080 x 648
downloaded
Chrome Cache Entry: 119
PNG image data, 2760 x 1680, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 120
data
downloaded
Chrome Cache Entry: 121
ASCII text, with very long lines (8377), with no line terminators
downloaded
Chrome Cache Entry: 122
Unicode text, UTF-8 text, with very long lines (17414), with no line terminators
downloaded
Chrome Cache Entry: 123
Unicode text, UTF-8 text, with very long lines (9573), with no line terminators
downloaded
Chrome Cache Entry: 124
data
downloaded
Chrome Cache Entry: 125
data
downloaded
Chrome Cache Entry: 126
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
downloaded
Chrome Cache Entry: 127
Unicode text, UTF-8 text, with very long lines (63923), with no line terminators
downloaded
Chrome Cache Entry: 128
Unicode text, UTF-8 text, with very long lines (16740), with no line terminators
downloaded
Chrome Cache Entry: 129
ASCII text, with very long lines (11578), with no line terminators
downloaded
Chrome Cache Entry: 130
Unicode text, UTF-8 text, with very long lines (22817), with no line terminators
downloaded
Chrome Cache Entry: 131
GIF image data, version 87a, 1080 x 648
dropped
Chrome Cache Entry: 132
data
downloaded
Chrome Cache Entry: 133
data
downloaded
Chrome Cache Entry: 134
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 135
data
downloaded
Chrome Cache Entry: 136
data
downloaded
Chrome Cache Entry: 137
ASCII text, with very long lines (642), with no line terminators
downloaded
Chrome Cache Entry: 138
ASCII text, with very long lines (623), with no line terminators
downloaded
Chrome Cache Entry: 139
ASCII text, with very long lines (11154), with no line terminators
downloaded
Chrome Cache Entry: 140
Unicode text, UTF-8 text, with very long lines (62725), with no line terminators
downloaded
Chrome Cache Entry: 141
Unicode text, UTF-8 text, with very long lines (15469), with no line terminators
downloaded
Chrome Cache Entry: 142
Unicode text, UTF-8 text, with very long lines (4968), with no line terminators
downloaded
Chrome Cache Entry: 143
ISO Media, Apple QuickTime movie, Apple QuickTime (.MOV/QT)
downloaded
Chrome Cache Entry: 144
PNG image data, 2880 x 1800, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 145
ASCII text, with very long lines (1504), with no line terminators
downloaded
Chrome Cache Entry: 146
data
downloaded
Chrome Cache Entry: 147
data
downloaded
Chrome Cache Entry: 148
PNG image data, 1158 x 137, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 149
Unicode text, UTF-8 text, with very long lines (12594)
downloaded
Chrome Cache Entry: 150
OpenPGP Secret Key
downloaded
Chrome Cache Entry: 151
ASCII text, with very long lines (8655), with no line terminators
downloaded
Chrome Cache Entry: 152
Unicode text, UTF-8 text, with very long lines (16829), with no line terminators
downloaded
Chrome Cache Entry: 153
ASCII text, with very long lines (1537), with no line terminators
downloaded
Chrome Cache Entry: 154
Unicode text, UTF-8 text, with very long lines (16040), with no line terminators
downloaded
Chrome Cache Entry: 155
ASCII text
downloaded
Chrome Cache Entry: 156
data
downloaded
Chrome Cache Entry: 157
data
downloaded
Chrome Cache Entry: 158
PNG image data, 1380 x 770, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 159
data
downloaded
Chrome Cache Entry: 160
data
downloaded
Chrome Cache Entry: 161
JSON data
downloaded
Chrome Cache Entry: 162
Unicode text, UTF-8 text, with very long lines (52555), with no line terminators
downloaded
Chrome Cache Entry: 163
data
downloaded
Chrome Cache Entry: 164
ASCII text, with very long lines (25366), with no line terminators
downloaded
Chrome Cache Entry: 165
ASCII text
downloaded
Chrome Cache Entry: 166
ASCII text, with very long lines (11593), with no line terminators
downloaded
Chrome Cache Entry: 167
data
downloaded
Chrome Cache Entry: 168
ISO Media, MP4 v2 [ISO 14496-14]
downloaded
Chrome Cache Entry: 169
ASCII text, with very long lines (642), with no line terminators
downloaded
Chrome Cache Entry: 170
Unicode text, UTF-8 text, with very long lines (7366), with no line terminators
downloaded
Chrome Cache Entry: 171
ASCII text, with very long lines (18340), with no line terminators
downloaded
Chrome Cache Entry: 172
Unicode text, UTF-8 text, with very long lines (1541), with no line terminators
downloaded
Chrome Cache Entry: 173
data
downloaded
Chrome Cache Entry: 174
Unicode text, UTF-8 text, with very long lines (65512), with no line terminators
downloaded
Chrome Cache Entry: 175
data
downloaded
Chrome Cache Entry: 176
ASCII text, with very long lines (5669), with no line terminators
downloaded
Chrome Cache Entry: 177
data
downloaded
Chrome Cache Entry: 178
data
downloaded
Chrome Cache Entry: 179
ASCII text, with very long lines (562), with no line terminators
downloaded
Chrome Cache Entry: 180
data
downloaded
Chrome Cache Entry: 181
PNG image data, 2760 x 1680, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 182
PNG image data, 1149 x 800, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 183
ASCII text, with very long lines (26353), with no line terminators
downloaded
Chrome Cache Entry: 184
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 185
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
downloaded
Chrome Cache Entry: 186
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
dropped
Chrome Cache Entry: 187
ASCII text, with very long lines (6902), with no line terminators
downloaded
Chrome Cache Entry: 188
ASCII text, with very long lines (64347)
downloaded
Chrome Cache Entry: 189
data
downloaded
Chrome Cache Entry: 190
PNG image data, 1158 x 137, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 191
data
downloaded
Chrome Cache Entry: 192
ASCII text, with very long lines (13576), with no line terminators
downloaded
Chrome Cache Entry: 193
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
downloaded
Chrome Cache Entry: 194
ASCII text, with very long lines (51630)
downloaded
Chrome Cache Entry: 195
PNG image data, 1149 x 800, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 196
data
downloaded
Chrome Cache Entry: 197
data
downloaded
Chrome Cache Entry: 198
Unicode text, UTF-8 text, with very long lines (32005)
downloaded
Chrome Cache Entry: 199
data
downloaded
Chrome Cache Entry: 200
Unicode text, UTF-8 text, with very long lines (9119), with no line terminators
downloaded
Chrome Cache Entry: 201
PNG image data, 2880 x 1800, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 202
data
downloaded
Chrome Cache Entry: 203
PNG image data, 1380 x 770, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 204
ASCII text, with very long lines (37569), with no line terminators
downloaded
Chrome Cache Entry: 205
ASCII text, with very long lines (7196), with no line terminators
downloaded
Chrome Cache Entry: 206
data
downloaded
Chrome Cache Entry: 207
ASCII text, with very long lines (14836), with no line terminators
downloaded
Chrome Cache Entry: 208
data
downloaded
Chrome Cache Entry: 209
JSON data
dropped
Chrome Cache Entry: 210
ASCII text, with very long lines (3651)
downloaded
Chrome Cache Entry: 211
data
downloaded
Chrome Cache Entry: 212
ASCII text, with very long lines (4255), with no line terminators
downloaded
Chrome Cache Entry: 213
ASCII text, with very long lines (7509), with no line terminators
downloaded
Chrome Cache Entry: 214
HTML document, ASCII text, with very long lines (4279)
downloaded
Chrome Cache Entry: 215
ASCII text, with very long lines (46931), with no line terminators
downloaded
Chrome Cache Entry: 216
Unicode text, UTF-8 text, with very long lines (6236), with no line terminators
downloaded
Chrome Cache Entry: 217
ASCII text, with very long lines (24472), with no line terminators
downloaded
Chrome Cache Entry: 218
ASCII text, with very long lines (4255), with no line terminators
downloaded
Chrome Cache Entry: 219
Unicode text, UTF-8 text, with very long lines (19886), with no line terminators
downloaded
Chrome Cache Entry: 220
Unicode text, UTF-8 text, with very long lines (4949), with no line terminators
downloaded
Chrome Cache Entry: 221
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 222
Unicode text, UTF-8 text, with very long lines (9114), with no line terminators
downloaded
Chrome Cache Entry: 223
data
downloaded
Chrome Cache Entry: 224
Unicode text, UTF-8 text, with very long lines (21765), with no line terminators
downloaded
Chrome Cache Entry: 225
data
downloaded
Chrome Cache Entry: 226
Unicode text, UTF-8 text, with very long lines (30468), with no line terminators
downloaded
Chrome Cache Entry: 227
Unicode text, UTF-8 text, with very long lines (24067), with no line terminators
downloaded
Chrome Cache Entry: 228
ASCII text, with very long lines (1611), with no line terminators
downloaded
Chrome Cache Entry: 229
Unicode text, UTF-8 text, with very long lines (31769)
downloaded
Chrome Cache Entry: 230
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
downloaded
Chrome Cache Entry: 231
ASCII text, with very long lines (10083), with no line terminators
downloaded
Chrome Cache Entry: 232
Unicode text, UTF-8 text, with very long lines (12307), with no line terminators
downloaded
Chrome Cache Entry: 233
data
downloaded
Chrome Cache Entry: 234
data
downloaded
Chrome Cache Entry: 235
ASCII text, with very long lines (1194), with no line terminators
downloaded
Chrome Cache Entry: 236
ASCII text, with very long lines (5931), with no line terminators
downloaded
Chrome Cache Entry: 237
data
downloaded

Processes

Path
Cmdline
Malicious
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
malicious
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
malicious
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k wsappx -p -s ClipSVC
malicious
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
malicious
C:\Users\user\Desktop\Setup_TimeFreeze.exe
C:\Users\user\Desktop\Setup_TimeFreeze.exe
C:\Windows\System32\SgrmBroker.exe
C:\Windows\system32\SgrmBroker.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.toolwiz.com/installwelcome.php?app=timefreeze
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=1828,i,18356568087061478674,7293531479562717610,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5276 --field-trial-handle=1828,i,18356568087061478674,7293531479562717610,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

URLs

Name
IP
Malicious
http://www.Toolwiz.com/installwelcome.php?app=timefreeze
unknown
http://www.toolwiz.com/installwelcome.php?app=timefreezeC:
unknown
https://github.com/jimmywarting/StreamSaver.js/issues/69
unknown
http://www.Toolwiz.com/installwelcome.php?app=timefreezeH
unknown
http://ocsp.thawte.com0
unknown
http://www.toolwiz.com/installwelcome.php?app=timefreeze
unknown
http://www.toolwiz.com/installwelcome.php?app=timefreeze32
unknown
https://jimmywarting.github.io/StreamSaver.js/mitm.html?version=2.0.0
unknown
https://secure.shareit.com:443/shareit/product.html?productid=300741562&stylefrom=300741562S
unknown
http://www.symauth.com/cps0(
unknown
http://www.Toolwiz.com
unknown
http://www.Toolwiz.com/installwelcome.php?app=timefreezeH7D
unknown
http://www.Toolwiz.com/installwelcome.php?app=timefreezeU
unknown
http://www.toolwiz.com/installwelcome.php?app=timefreezeXWY
unknown
http://toolwiz.com/lead/sdk/
unknown
https://secure.shareit.com:443/shareit/product.html?productid=300741562&stylefrom=300741562
unknown
http://standards.iso.org/iso/19770/-2/2009/schema.xsd
unknown
http://www.toolwiz.com/installwelcome.php?app=timefreezes
unknown
http://www.toolwiz.com/installwelcome.php?app=timefreeze5
unknown
http://www.toolwiz.com/installwelcome.php?app=timefreeze6
unknown
https://feross.org/opensource
unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0
unknown
http://www.symauth.com/rpa00
unknown
http://www.Toolwiz.com/installwelcome.php?app=timefreezeb)m
unknown
http://www.toolwiz.com/installwelcome.php?app=timefreezek
unknown
http://toolwiz.com/lead/sdk/U
unknown
http://www.toolwiz.com/installwelcome.php?app=timefreezel.
unknown
http://www.toolwiz.com/installwelcome.php?app=timefreezeo
unknown
http://www.toolwiz.com/installwelcome.php?app=timefreeze.dll
unknown
http://www.Toolwiz.com/installwelcome.php?app=timefreeze8Z2
unknown
http://www.toolwiz.com/installwelcome.php?app=timefreezees
unknown
http://www.Toolwiz.comU
unknown
http://feross.org
unknown
https://www.toolwiz.com/?app=timefreeze
http://www.toolwiz.com/installwelcome.php?app=timefreeze_
unknown

IPs

IP
Domain
Country
Malicious
192.178.50.36
unknown
United States
163.171.228.216
unknown
European Union
1.1.1.1
unknown
Australia
192.178.50.78
unknown
United States
172.217.2.195
unknown
United States
157.240.14.19
unknown
United States
192.168.2.17
unknown
unknown
142.250.217.206
unknown
United States
142.250.217.205
unknown
United States
43.153.109.54
unknown
Japan
157.240.14.35
unknown
United States
142.250.64.168
unknown
United States
239.255.255.250
unknown
Reserved
23.50.113.147
unknown
United States
106.75.109.179
unknown
China

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
cval
malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Toolwiz\TimefreezeNew
ProgramFile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ToolwizTimeFreeze
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3A74D01E-3AEF-4DF4-8404-0056150C97A3}
DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3A74D01E-3AEF-4DF4-8404-0056150C97A3}
UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3A74D01E-3AEF-4DF4-8404-0056150C97A3}
DisplayIcon
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3A74D01E-3AEF-4DF4-8404-0056150C97A3}
InstallLocation
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3A74D01E-3AEF-4DF4-8404-0056150C97A3}
URLInfoAbout
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3A74D01E-3AEF-4DF4-8404-0056150C97A3}
Publisher
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3A74D01E-3AEF-4DF4-8404-0056150C97A3}
DisplayVersion
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TWZFILE\Instances
DefaultInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TWZFILE\Instances\TWZFILE Instance
Altitude
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TWZFILE\Instances\TWZFILE Instance
Flags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TWZFILE
SystemRoot
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TWZDISK
Parameters
HKEY_CURRENT_USER\SOFTWARE\Toolwiz\TimefreezeNew
CURRENT_PROTECT_MODE
HKEY_CURRENT_USER\SOFTWARE\Toolwiz\TimefreezeNew
NEXT_BOOT_PROTECT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}
UpperFilters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\FileSystem
DisableDeleteNotification
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Security
c688cf83-9945-5ff6-0e1e-1ff1f8a2ec9a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator
StartWorkerOnServiceStart
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\Scheduler
Checking to see if mostack override has changed
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\Scheduler
UsoCrmScan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\Scheduler
CleanupUsoLogs

Memdumps

Base Address
Regiontype
Protect
Malicious
Download

DOM / HTML

URL
Malicious
https://www.toolwiz.com/?app=timefreeze