Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\Downloads\tportable-x64.5.5.5.zip (copy)
|
Zip archive data, at least v2.0 to extract, compression method=store
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Temp\34yqvajp.yju\Telegram\Telegram.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\34yqvajp.yju\Telegram\modules\x64\d3d\d3dcompiler_47.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\unarchiver.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 23:47:38 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 23:47:38 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 23:47:38 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 23:47:38 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 23:47:38 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\Downloads\012cb3cd-41cf-435d-b141-c65927ddb5ee.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\Downloads\0b8031df-20d6-4a21-b2d6-249cd53d0db3.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\Downloads\737aae4f-9d8d-422f-bbc8-503542a1420e.tmp
|
Zip archive data, at least v2.0 to extract, compression method=store
|
dropped
|
||
|
C:\Users\user\Downloads\Unconfirmed 103549.crdownload
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\Downloads\Unconfirmed 342131.crdownload
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\Downloads\tportable-x64.5.5.5.zip.crdownload
|
Zip archive data, at least v2.0 to extract, compression method=store
|
dropped
|
||
|
Chrome Cache Entry: 100
|
ASCII text, with very long lines (42164)
|
downloaded
|
||
|
Chrome Cache Entry: 101
|
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
|
downloaded
|
||
|
Chrome Cache Entry: 102
|
Web Open Font Format (Version 2), TrueType, length 11040, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 103
|
PNG image data, 840 x 487, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 104
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 105
|
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
|
dropped
|
||
|
Chrome Cache Entry: 87
|
ASCII text, with very long lines (42164)
|
downloaded
|
||
|
Chrome Cache Entry: 88
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 89
|
PNG image data, 21 x 17, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 90
|
ASCII text, with very long lines (1267)
|
downloaded
|
||
|
Chrome Cache Entry: 91
|
ASCII text
|
dropped
|
||
|
Chrome Cache Entry: 92
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 93
|
ASCII text, with very long lines (2979), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 94
|
PNG image data, 840 x 487, 8-bit/color RGBA, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 95
|
ASCII text, with very long lines (1267)
|
downloaded
|
||
|
Chrome Cache Entry: 96
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
Chrome Cache Entry: 97
|
ASCII text, with very long lines (2979), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 98
|
Web Open Font Format (Version 2), TrueType, length 11028, version 1.0
|
downloaded
|
||
|
Chrome Cache Entry: 99
|
PNG image data, 21 x 17, 8-bit/color RGBA, non-interlaced
|
dropped
|
There are 26 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2012,i,5296181332326272263,8081676399308569334,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://investors.spotify.com.sg.misteri.us.kg/"
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US
--service-sandbox-type=icon_reader --mojo-platform-channel-handle=4200 --field-trial-handle=2012,i,5296181332326272263,8081676399308569334,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US
--service-sandbox-type=icon_reader --mojo-platform-channel-handle=4308 --field-trial-handle=2012,i,5296181332326272263,8081676399308569334,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
|
|
|
C:\Windows\SysWOW64\7za.exe
|
"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\34yqvajp.yju" "C:\Users\user\Downloads\tportable-x64.5.5.5.zip"
|
|
|
|
C:\Users\user\AppData\Local\Temp\34yqvajp.yju\Telegram\Telegram.exe
|
C:\Users\user\AppData\Local\Temp\34yqvajp.yju\Telegram\Telegram.exe
|
|
|
|
C:\Windows\SysWOW64\unarchiver.exe
|
"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\tportable-x64.5.5.5.zip"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C "C:\Users\user\AppData\Local\Temp\34yqvajp.yju\Telegram\Telegram.exe"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 1 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://investors.spotify.com.sg.misteri.us.kg/
|
|
||
|
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
|
unknown
|
||
|
https://telesco.pe/
|
unknown
|
||
|
https://api.mapbox.com/mapbox-gl-js/v3.4.0/mapbox-gl.js
|
unknown
|
||
|
http://anglebug.com/5658Even
|
unknown
|
||
|
https://promote.telegram.org
|
unknown
|
||
|
https://telegram.org/blog/monetization-for-channelsAd
|
unknown
|
||
|
http://anglebug.com/1423136Disables
|
unknown
|
||
|
https://chromium.googlesource.com/angle/angle/
|
unknown
|
||
|
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
|
unknown
|
||
|
https://aomediacodec.github.io/av1-rtp-spec/#dependency-descriptor-rtp-header-extension
|
unknown
|
||
|
https://anglebug.com/7246Force
|
unknown
|
||
|
http://bugreports.qt.io/
|
unknown
|
||
|
https://issuetracker.google.com/220069903
|
unknown
|
||
|
http://anglebug.com/7279Emulate
|
unknown
|
||
|
https://telegram.org/tos
|
unknown
|
||
|
https://twitter.com/hashtag/
|
unknown
|
||
|
https://t.me/c/%1/%2
|
unknown
|
||
|
https://streams.videolan.org/upload/
|
unknown
|
||
|
https://github.com/telegramdesktop/tdesktopGNU
|
unknown
|
||
|
https://snapcraft.io/telegram-desktop
|
unknown
|
||
|
https://core.telegram.org/apihttps://promote.telegram.org
|
unknown
|
||
|
https://telegram.org/privacy
|
unknown
|
||
|
https://crbug.com/650547
|
unknown
|
||
|
https://scripts.sil.org/OFLhttps://scripts.sil.org/OFLVazirmatn
|
unknown
|
||
|
https://flathub.org/apps/details/org.telegram.desktop
|
unknown
|
||
|
https://issuetracker.google.com/220069903Force
|
unknown
|
||
|
https://github.com/rastikerdar/vazirmatn)Vazirmatn
|
unknown
|
||
|
https://telegram.org/privacy-tpa
|
unknown
|
||
|
https://github.com/davelab6/Roboto-ClassicThis
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
|
unknown
|
||
|
http://anglebug.com/2152
|
unknown
|
||
|
http://www.phreedom.org/md5)
|
unknown
|
||
|
https://core.telegram.org/api
|
unknown
|
||
|
https://anglebug.com/7246
|
unknown
|
||
|
http://anglebug.com/5007Disable
|
unknown
|
||
|
https://tdesktop.com/
|
unknown
|
||
|
https://desktop.telegram.org/
|
|||
|
https://crbug.com/593024
|
unknown
|
||
|
https://telegram.org/faq#general-questionsTelegram
|
unknown
|
||
|
http://anglebug.com/7724
|
unknown
|
||
|
http://anglebug.com/7760Write
|
unknown
|
||
|
http://anglebug.com/3246
|
unknown
|
||
|
http://crbug.com/941620
|
unknown
|
||
|
https://desktop.telegram.org
|
unknown
|
||
|
https://td.telegram.org/
|
unknown
|
||
|
https://desktop.telegram.orghttps://snapcraft.io/telegram-desktophttps://flathub.org/apps/details/or
|
unknown
|
||
|
https://crbug.com/655534Using
|
unknown
|
||
|
http://anglebug.com/7279
|
unknown
|
||
|
http://anglebug.com/7036
|
unknown
|
||
|
https://telegram.org/tos/starsSubscription
|
unknown
|
||
|
http://anglebug.com/2152On
|
unknown
|
||
|
http://anglebug.com/5658
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
|
unknown
|
||
|
https://t.me/$premium.promo_screen_showpremium.promo_screen_acceptpremium_promo_ordersourceprofile_:
|
unknown
|
||
|
http://anglebug.com/1452
|
unknown
|
||
|
http://anglebug.com/7036Enable
|
unknown
|
||
|
https://tdesktop.com/crash.php?act=query_report&apiid=%1&version=%2&dmp=%3&platform=%4
|
unknown
|
||
|
https://telegram.org/tos/starsMedia
|
unknown
|
||
|
https://telegram.org/tos/starsAll
|
unknown
|
||
|
http://html4/loose.dtd
|
unknown
|
||
|
https://t.me/
|
unknown
|
||
|
http://www.phreedom.org/md5)08:27
|
unknown
|
||
|
https://telegram.org/blog/telegram-starsUnlock
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01x
|
unknown
|
||
|
https://github.com/telegramdesktop/tdesktop/blob/master/LICENSEdeThe
|
unknown
|
||
|
http://anglebug.com/7761Check
|
unknown
|
||
|
http://anglebug.com/5007
|
unknown
|
||
|
https://crbug.com/593024Copying
|
unknown
|
||
|
https://desktop.telegram.org/changelog
|
unknown
|
||
|
https://crbug.com/1053756
|
unknown
|
||
|
http://.css
|
unknown
|
||
|
http://anglebug.com/3682There
|
unknown
|
||
|
https://telegram.org/tos/mini-appsNotification
|
unknown
|
||
|
http://anglebug.com/5750
|
unknown
|
||
|
http://anglebug.com/6041Force-enable
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
|
unknown
|
||
|
https://github.com/telegramdesktop/tdesktop/blob/master/LICENSE
|
unknown
|
||
|
http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensed
|
unknown
|
||
|
https://api.mapbox.com/search/geocode/v6/reverse?longitude=%1&latitude=%2&language=%3&access_token=%
|
unknown
|
||
|
https://telegram.org/
|
unknown
|
||
|
https://ads.telegram.orgTelegram
|
unknown
|
||
|
http://anglebug.com/6041
|
unknown
|
||
|
http://anglebug.com/5750Set
|
unknown
|
||
|
https://maps.google.com/maps?q=
|
unknown
|
||
|
https://t.me/TelegramTipsWarningYou
|
unknown
|
||
|
http://anglebug.com/1423136
|
unknown
|
||
|
http://.jpg
|
unknown
|
||
|
https://scripts.sil.org/OFLhttps://scripts.sil.org/OFL
|
unknown
|
||
|
https://webrtc.googlesource.com/src/
|
unknown
|
||
|
http://crbug.com/941620Some
|
unknown
|
||
|
https://promote.telegram.org/guidelines
|
unknown
|
||
|
https://github.com/telegramdesktop/tdesktop
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://anglebug.com/3682
|
unknown
|
||
|
http://anglebug.com/7761
|
unknown
|
||
|
https://crbug.com/1053756ICE
|
unknown
|
||
|
http://anglebug.com/7760
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
There are 90 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
1.1.1.1
|
unknown
|
Australia
|
||
|
108.177.15.84
|
unknown
|
United States
|
||
|
172.217.18.3
|
unknown
|
United States
|
||
|
104.21.47.42
|
unknown
|
United States
|
||
|
142.250.185.132
|
unknown
|
United States
|
||
|
192.168.2.4
|
unknown
|
unknown
|
||
|
142.250.185.227
|
unknown
|
United States
|
||
|
149.154.167.99
|
unknown
|
United Kingdom
|
||
|
192.168.2.6
|
unknown
|
unknown
|
||
|
216.58.206.46
|
unknown
|
United States
|
||
|
192.168.2.5
|
unknown
|
unknown
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
142.250.184.206
|
unknown
|
United States
|
There are 3 hidden IPs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
178F000
|
stack
|
page read and write
|
||
|
7FF6597D8000
|
unkown
|
page readonly
|
||
|
E70000
|
heap
|
page read and write
|
||
|
2F8D000
|
stack
|
page read and write
|
||
|
7FF6596B1000
|
unkown
|
page readonly
|
||
|
1070000
|
trusted library allocation
|
page read and write
|
||
|
34AE000
|
stack
|
page read and write
|
||
|
7FF65BA5F000
|
unkown
|
page write copy
|
||
|
319F000
|
trusted library allocation
|
page read and write
|
||
|
168E000
|
stack
|
page read and write
|
||
|
7FF654BC0000
|
unkown
|
page readonly
|
||
|
F6C000
|
stack
|
page read and write
|
||
|
56DE000
|
stack
|
page read and write
|
||
|
2F60000
|
heap
|
page read and write
|
||
|
7FF65BA73000
|
unkown
|
page write copy
|
||
|
1250000
|
trusted library allocation
|
page read and write
|
||
|
31A2000
|
trusted library allocation
|
page read and write
|
||
|
1650000
|
heap
|
page read and write
|
||
|
BF9000
|
stack
|
page read and write
|
||
|
7FF6596D2000
|
unkown
|
page readonly
|
||
|
31B0000
|
trusted library allocation
|
page read and write
|
||
|
109E000
|
heap
|
page read and write
|
||
|
7F400000
|
trusted library allocation
|
page execute and read and write
|
||
|
30BD000
|
heap
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
10B8000
|
heap
|
page read and write
|
||
|
52DE000
|
stack
|
page read and write
|
||
|
7FF65BA5A000
|
unkown
|
page write copy
|
||
|
531D000
|
stack
|
page read and write
|
||
|
3070000
|
trusted library allocation
|
page read and write
|
||
|
7FF65C485000
|
unkown
|
page write copy
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
7FF65BA49000
|
unkown
|
page write copy
|
||
|
7FF65BA66000
|
unkown
|
page write copy
|
||
|
31AA000
|
trusted library allocation
|
page read and write
|
||
|
107B000
|
trusted library allocation
|
page execute and read and write
|
||
|
4141000
|
trusted library allocation
|
page read and write
|
||
|
7FF65BA80000
|
unkown
|
page write copy
|
||
|
7FF659B8F000
|
unkown
|
page readonly
|
||
|
1020000
|
trusted library allocation
|
page read and write
|
||
|
303E000
|
unkown
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
7FF659C0A000
|
unkown
|
page readonly
|
||
|
7FF6591C1000
|
unkown
|
page execute read
|
||
|
158F000
|
stack
|
page read and write
|
||
|
AFC000
|
stack
|
page read and write
|
||
|
317A000
|
trusted library allocation
|
page read and write
|
||
|
1430000
|
trusted library allocation
|
page read and write
|
||
|
1458000
|
heap
|
page read and write
|
||
|
31C3000
|
trusted library allocation
|
page read and write
|
||
|
559E000
|
stack
|
page read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
104C000
|
trusted library allocation
|
page execute and read and write
|
||
|
148F000
|
stack
|
page read and write
|
||
|
541D000
|
stack
|
page read and write
|
||
|
BFB000
|
stack
|
page read and write
|
||
|
7FF65BA5D000
|
unkown
|
page write copy
|
||
|
7FF65BA62000
|
unkown
|
page write copy
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
7FF6596D7000
|
unkown
|
page readonly
|
||
|
7FF657DC1000
|
unkown
|
page execute read
|
||
|
7FF6597C8000
|
unkown
|
page readonly
|
||
|
545E000
|
stack
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
1280000
|
heap
|
page read and write
|
||
|
30CD000
|
heap
|
page read and write
|
||
|
122E000
|
stack
|
page read and write
|
||
|
11CE000
|
stack
|
page read and write
|
||
|
3170000
|
trusted library allocation
|
page read and write
|
||
|
7FF659502000
|
unkown
|
page readonly
|
||
|
3530000
|
heap
|
page read and write
|
||
|
7FF65BA68000
|
unkown
|
page write copy
|
||
|
363F000
|
stack
|
page read and write
|
||
|
12FD000
|
stack
|
page read and write
|
||
|
138E000
|
stack
|
page read and write
|
||
|
109B000
|
heap
|
page read and write
|
||
|
7FF65BA7D000
|
unkown
|
page write copy
|
||
|
15B0000
|
heap
|
page read and write
|
||
|
10D8000
|
heap
|
page read and write
|
||
|
104A000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF6596C8000
|
unkown
|
page readonly
|
||
|
2F30000
|
trusted library allocation
|
page read and write
|
||
|
317C000
|
trusted library allocation
|
page read and write
|
||
|
1040000
|
trusted library allocation
|
page read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
106A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1077000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF6597AF000
|
unkown
|
page readonly
|
||
|
103A000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF65BA82000
|
unkown
|
page write copy
|
||
|
1062000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E8D000
|
stack
|
page read and write
|
||
|
57DE000
|
stack
|
page read and write
|
||
|
3141000
|
trusted library allocation
|
page read and write
|
||
|
7FF65B91B000
|
unkown
|
page write copy
|
||
|
336F000
|
unkown
|
page read and write
|
||
|
1042000
|
trusted library allocation
|
page execute and read and write
|
||
|
31A7000
|
trusted library allocation
|
page read and write
|
||
|
EFE000
|
stack
|
page read and write
|
||
|
7FF6597BF000
|
unkown
|
page readonly
|
||
|
7FF65B00A000
|
unkown
|
page readonly
|
||
|
7FF654BC1000
|
unkown
|
page execute read
|
||
|
1450000
|
heap
|
page read and write
|
||
|
3195000
|
trusted library allocation
|
page read and write
|
||
|
7FF6587C1000
|
unkown
|
page execute read
|
||
|
7FF6555C1000
|
unkown
|
page execute read
|
||
|
7FF65BA3E000
|
unkown
|
page write copy
|
||
|
10ED000
|
heap
|
page read and write
|
||
|
7FF65BA2D000
|
unkown
|
page write copy
|
||
|
3370000
|
heap
|
page read and write
|
||
|
7FF6569C1000
|
unkown
|
page execute read
|
||
|
319B000
|
trusted library allocation
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
141E000
|
stack
|
page read and write
|
||
|
7FF65BA1E000
|
unkown
|
page write copy
|
||
|
164F000
|
stack
|
page read and write
|
||
|
7FF65B90A000
|
unkown
|
page write copy
|
||
|
7FF655FC1000
|
unkown
|
page execute read
|
||
|
569E000
|
stack
|
page read and write
|
||
|
EBE000
|
stack
|
page read and write
|
||
|
31C1000
|
trusted library allocation
|
page read and write
|
||
|
F35000
|
heap
|
page read and write
|
||
|
1090000
|
heap
|
page read and write
|
||
|
1032000
|
trusted library allocation
|
page execute and read and write
|
||
|
3070000
|
heap
|
page read and write
|
||
|
7FF65BA85000
|
unkown
|
page write copy
|
||
|
30AB000
|
heap
|
page read and write
|
||
|
1270000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF65BA19000
|
unkown
|
page write copy
|
||
|
F30000
|
heap
|
page read and write
|
||
|
BF6000
|
stack
|
page read and write
|
||
|
1260000
|
heap
|
page execute and read and write
|
||
|
7FF6573C1000
|
unkown
|
page execute read
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
7FF65A60A000
|
unkown
|
page readonly
|
||
|
555D000
|
stack
|
page read and write
|
||
|
318A000
|
trusted library allocation
|
page read and write
|
||
|
2F65000
|
heap
|
page read and write
|
||
|
10D2000
|
heap
|
page read and write
|
There are 130 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://desktop.telegram.org/
|