Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\AppData\Local\Temp\webwcryn.4k5\new-2048176346.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Name of Creating Application:
Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Wed Nov 24 13:02:13 2021, Security: 0
|
dropped
|
 |
|
|
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
|
data
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\02075ce4-1d91-4b2b-a739-bc8ac342dc4b.tmp
|
ASCII text, with very long lines, with no line terminators
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\192520eb-2bde-4020-8c7b-eba88eec3553.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\55143009-8041-40b5-91ed-d73c44c5bec4.tmp
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\5ea14e38-aed2-4584-be4b-914b462ae2f4.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\6e8fc09e-9c68-444c-a10a-c4d0a26e7e27.tmp
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\82eff488-1d66-4fda-b9a5-5fc7e9acafb7.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\871238ee-f035-4881-8e0c-1639e86c7ad3.tmp
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\98762c02-18cd-4bdd-aded-c0951ebd276d.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\000001.dbtmp
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\000002.dbtmp
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\000003.log
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0d0e3b03-aa61-4f82-bc17-500620085963.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\10dd846f-83bc-4342-a3d3-76d079f9b9d7.tmp
|
ASCII text, with very long lines, with no line terminators
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\141f427a-af72-4a42-9e35-48e08bccfb4a.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\248a4332-23c1-4649-800c-6c44f31cf0a5.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\3662965d-c6b0-497a-9411-8f7a1cdded30.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\3dc995d3-862c-49f6-b5b2-50b52cb90d53.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\50b7666c-d418-4e66-994a-abfbb8ca0602.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6172a17e-dade-463a-bc46-3cd107d284f5.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\7516e95c-b10e-4da2-b7d0-1c1b30344a91.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\9869c764-8479-4fed-a2c4-14b66d8eb40c.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.oldG (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CURRENT. (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CURRENTT (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
|
SQLite 3.x database, last written using SQLite version 3032001
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.oldoi (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old@ (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old. (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG.oldg (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
|
SQLite 3.x database, last written using SQLite version 3032001
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Session.{ (copy)
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Tabsd (copy)
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\MANIFEST-000001
|
PGP\011Secret Key -
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\MANIFEST-000002
|
MPEG-4 LOAS
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent Statemp (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.oldr (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences* (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL
|
SQLite 3.x database, last written using SQLite version 3032001
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences0q (copy)
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesDe (copy)
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.oldMP (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\032bd314-c0ad-43ff-859e-805db691f873.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG.old
(copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent
State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG.olde/
(copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG.old
(copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\5314b2be-46f0-4012-8f43-eed4843e1078.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG.oldg
(copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent
Statei (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG.oldg
(copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG.old
(copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old
(copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Visited Links
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004
|
MPEG-4 LOAS
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\e1b83851-7f64-4365-a3b4-5cc609abd707.tmp
|
very short file (no magic)
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\e492a2ec-6a30-4c7b-9bc7-017de4d4916c.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State1 (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info CacheMP (copy)
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Indexed Rules\27\scoped_dir676_1884660702\Ruleset Data
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\a59f0fe5-e81b-41e3-9aea-9a5db8bf100b.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\cc231be7-6de0-4158-af18-32fc9eec0d81.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\F90B3D14-54E1-4326-A222-CA0FF043C276
|
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\27038ea0-529c-4aa0-bbfc-39fc0b911dc8.tmp
|
Google Chrome extension, version 3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\2879ecf8-ca29-4638-907b-537ca21172fc.tmp
|
Google Chrome extension, version 3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\5b5f5261-4fd5-4ba0-86aa-8fd6fc2ffb60.tmp
|
very short file (no magic)
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\676_1656799962\Filtering Rules
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\676_1656799962\LICENSE.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\676_1656799962\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\676_1656799962\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\676_1656799962\manifest.json
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\browser-sslkeys.log
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\d0afa5a6-350b-4ca2-94ce-7d9d12ecc437.tmp
|
very short file (no magic)
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\e4mv0t3c.b0c\unarchiver.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\27038ea0-529c-4aa0-bbfc-39fc0b911dc8.tmp
|
Google Chrome extension, version 3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\bg\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\ca\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\cs\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\da\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\de\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\el\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\en\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\en_GB\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\es\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\es_419\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\et\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\fi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\fil\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\fr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\hi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\hr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\hu\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\id\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\it\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\ja\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\ko\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\lt\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\lv\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\nb\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\nl\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\pl\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\pt_BR\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\pt_PT\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\ro\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\ru\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\sk\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\sl\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\sr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\sv\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\th\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\tr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\uk\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\vi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\zh_CN\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_locales\zh_TW\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\craw_background.js
|
ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\craw_window.js
|
ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\css\craw_window.css
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\html\craw_window.html
|
HTML document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\images\flapper.gif
|
GIF image data, version 89a, 30 x 30
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\images\icon_128.png
|
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\images\icon_16.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\images\topbar_floating_button.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\images\topbar_floating_button_close.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\images\topbar_floating_button_hover.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\images\topbar_floating_button_maximize.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\images\topbar_floating_button_pressed.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_1581278968\CRX_INSTALL\manifest.json
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\2879ecf8-ca29-4638-907b-537ca21172fc.tmp
|
Google Chrome extension, version 3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\am\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\ar\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\bg\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\bn\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\ca\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\cs\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\da\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\de\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\el\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\en\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\es\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\et\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\fa\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\fi\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\fil\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\fr\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\gu\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\hi\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\hr\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\hu\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\id\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\it\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\iw\messages.json
|
HTML document, ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\ja\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\kn\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\ko\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\lt\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\lv\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\ml\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\mr\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\ms\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\nb\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\nl\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\pl\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\pt\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\ro\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\ru\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\sk\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\sl\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\sr\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\sv\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\sw\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\ta\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\te\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\th\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\tr\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\uk\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\vi\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\zh\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_locales\zh_TW\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\angular.js
|
ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\background_script.js
|
ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\cast_sender.js
|
ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\common.js
|
ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\feedback.css
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\feedback.html
|
HTML document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\feedback_script.js
|
ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\manifest.json
|
ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\material_css_min.css
|
ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\mirroring_cast_streaming.js
|
ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\mirroring_common.js
|
ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\mirroring_hangouts.js
|
ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir676_964466428\CRX_INSTALL\mirroring_webrtc.js
|
ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF706937ADB0FEF781.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\Downloads\0a22b7a7-f9f1-463a-b21c-1dad8200ac24.tmp
|
Zip archive data, at least v2.0 to extract
|
dropped
|
|
|
|
C:\Users\user\Downloads\laboriosampariatur-6199055.zip.crdownload3{ (copy)
|
Zip archive data, at least v2.0 to extract
|
dropped
|
|
|
|
C:\Users\user\Downloads\laboriosampariatur-6199055.zip:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
There are 248 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
"C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /dde
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
"C:\Windows\System32\regsvr32.exe" C:\Datop\besta.ocx
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
"C:\Windows\System32\regsvr32.exe" C:\Datop\bestb.ocx
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
"C:\Windows\System32\regsvr32.exe" C:\Datop\bestc.ocx
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "http://vulkanbonus.karmaguru.in/voluptasquis/laboriosampariatur-6199055
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1528,3653659809805504951,3020769216982181712,131072
--lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1956 /prefetch:8
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1528,3653659809805504951,3020769216982181712,131072
--lang=en-US --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=6296 /prefetch:8
|
|
|
|
C:\Windows\SysWOW64\unarchiver.exe
|
C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\laboriosampariatur-6199055.zip
|
|
|
|
C:\Windows\SysWOW64\7za.exe
|
C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\webwcryn.4k5" "C:\Users\user\Downloads\laboriosampariatur-6199055.zip
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe" /C "C:\Users\user\AppData\Local\Temp\webwcryn.4k5\new-2048176346.xls
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
There are 2 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://vulkanbonus.karmaguru.in/voluptasquis/laboriosampariatur-6199055
|
|
||
|
https://api.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://login.microsoftonline.com/
|
unknown
|
|
|
|
https://shell.suite.office.com:1443
|
unknown
|
|
|
|
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
|
unknown
|
|
|
|
https://apis.google.com/js/client.js
|
unknown
|
|
|
|
https://autodiscover-s.outlook.com/
|
unknown
|
|
|
|
https://roaming.edog.
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
|
unknown
|
|
|
|
https://cdn.entity.
|
unknown
|
|
|
|
https://api.addins.omex.office.net/appinfo/query
|
unknown
|
|
|
|
https://crash.corp.google.com/samples?reportid=&q=
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/tenantassociationkey
|
unknown
|
|
|
|
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
|
unknown
|
|
|
|
https://powerlift.acompli.net
|
unknown
|
|
|
|
https://rpsticket.partnerservices.getmicrosoftkey.com
|
unknown
|
|
|
|
https://easylist.to/)
|
unknown
|
|
|
|
https://lookup.onenote.com/lookup/geolocation/v1
|
unknown
|
|
|
|
https://cortana.ai
|
unknown
|
|
|
|
http://vulkanbonus.karmaguru.in/voluptasquis/laboriosampariatur-61990552
|
unknown
|
|
|
|
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
|
unknown
|
|
|
|
https://cloudfiles.onenote.com/upload.aspx
|
unknown
|
|
|
|
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://entitlement.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
|
unknown
|
|
|
|
https://api.aadrm.com/
|
unknown
|
|
|
|
https://preprod-hangouts-googleapis.sandbox.google.com
|
unknown
|
|
|
|
https://orthomay.com.br/GD7A3PSD4zc/tw.html
|
108.179.253.213
|
|
|
|
https://ofcrecsvcapi-int.azurewebsites.net/
|
unknown
|
|
|
|
https://www.google.com
|
unknown
|
|
|
|
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
|
unknown
|
|
|
|
https://hangouts.google.com/hangouts/_/logpref
|
unknown
|
|
|
|
https://api.microsoftstream.com/api/
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
|
unknown
|
|
|
|
https://cr.office.com
|
unknown
|
|
|
|
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
|
unknown
|
|
|
|
https://creativecommons.org/publicdomain/zero/1.0/.
|
unknown
|
|
|
|
https://portal.office.com/account/?ref=ClientMeControl
|
unknown
|
|
|
|
https://www.google.com/accounts/OAuthLogin?issueuberauth=1
|
unknown
|
|
|
|
https://mustafakhafimsp.af/UnE5kOnX/tw.html
|
104.161.44.139
|
|
|
|
https://github.com/madler/zlib/blob/master/zlib.h
|
unknown
|
|
|
|
https://graph.ppe.windows.net
|
unknown
|
|
|
|
https://res.getmicrosoftkey.com/api/redemptionevents
|
unknown
|
|
|
|
https://powerlift-frontdesk.acompli.net
|
unknown
|
|
|
|
https://tasks.office.com
|
unknown
|
|
|
|
https://officeci.azurewebsites.net/api/
|
unknown
|
|
|
|
https://sr.outlook.office.net/ws/speech/recognize/assistant/work
|
unknown
|
|
|
|
https://www.google.com/tools/feedback
|
unknown
|
|
|
|
https://dns.google
|
unknown
|
|
|
|
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
|
unknown
|
|
|
|
https://store.office.cn/addinstemplate
|
unknown
|
|
|
|
https://support.google.com/chromecast/troubleshooter/2995236
|
unknown
|
|
|
|
https://api.aadrm.com
|
unknown
|
|
|
|
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions
|
unknown
|
|
|
|
https://outlook.office.com/autosuggest/api/v1/init?cvid=
|
unknown
|
|
|
|
http://vulkanbonus.karmaguru.in/voluptasquis/laboriosampariatur-6199055/0(m
|
unknown
|
|
|
|
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
|
142.250.203.110
|
|
|
|
https://globaldisco.crm.dynamics.com
|
unknown
|
|
|
|
https://payments.google.com/payments/v4/js/integrator.js
|
unknown
|
|
|
|
https://www.google.com;
|
unknown
|
|
|
|
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://dev0-api.acompli.net/autodetect
|
unknown
|
|
|
|
https://www.odwebp.svc.ms
|
unknown
|
|
|
|
https://api.powerbi.com/v1.0/myorg/groups
|
unknown
|
|
|
|
https://web.microsoftstream.com/video/
|
unknown
|
|
|
|
https://api.addins.store.officeppe.com/addinstemplate
|
unknown
|
|
|
|
https://www.google.com/images/x2.gif
|
unknown
|
|
|
|
https://graph.windows.net
|
unknown
|
|
|
|
https://dataservice.o365filtering.com/
|
unknown
|
|
|
|
https://officesetup.getmicrosoftkey.com
|
unknown
|
|
|
|
https://analysis.windows.net/powerbi/api
|
unknown
|
|
|
|
https://prod-global-autodetect.acompli.net/autodetect
|
unknown
|
|
|
|
https://www.google.com/images/dot2.gif
|
unknown
|
|
|
|
https://play.google.com/log?format=json&hasfast=true
|
unknown
|
|
|
|
https://outlook.office365.com/autodiscover/autodiscover.json
|
unknown
|
|
|
|
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
|
unknown
|
|
|
|
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
http://tools.ietf.org/html/rfc1950
|
unknown
|
|
|
|
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
|
unknown
|
|
|
|
http://vulkanbonus.karmaguru.in/voluptasquis/laboriosampariatur-6199055http://vulkanbonus.karmaguru.
|
unknown
|
|
|
|
https://ncus.contentsync.
|
unknown
|
|
|
|
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
|
unknown
|
|
|
|
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
|
unknown
|
|
|
|
http://weather.service.msn.com/data.aspx
|
unknown
|
|
|
|
https://apis.live.net/v5.0/
|
unknown
|
|
|
|
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
|
unknown
|
|
|
|
https://docs.google.com
|
unknown
|
|
|
|
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
|
unknown
|
|
|
|
https://www.google.com/
|
unknown
|
|
|
|
https://feedback.googleusercontent.com
|
unknown
|
|
|
|
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
|
unknown
|
|
|
|
https://clients6.google.com
|
unknown
|
|
|
|
https://management.azure.com
|
unknown
|
|
|
|
https://outlook.office365.com
|
unknown
|
|
|
|
https://wus2.contentsync.
|
unknown
|
|
|
|
https://incidents.diagnostics.office.com
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/ios
|
unknown
|
|
|
|
https://www.google.com/images/cleardot.gif
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/odc/insertmedia
|
unknown
|
|
|
|
https://o365auditrealtimeingestion.manage.office.com
|
unknown
|
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
vulkanbonus.karmaguru.in
|
116.206.105.115
|
|
|
|
accounts.google.com
|
172.217.168.45
|
|
|
|
mustafakhafimsp.af
|
104.161.44.139
|
|
|
|
orthomay.com.br
|
108.179.253.213
|
|
|
|
clients.l.google.com
|
142.250.203.110
|
|
|
|
quebradadigital.com.br
|
108.179.253.213
|
|
|
|
googlehosted.l.googleusercontent.com
|
142.250.203.97
|
|
|
|
clients2.googleusercontent.com
|
unknown
|
|
|
|
clients2.google.com
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.1
|
unknown
|
unknown
|
|
|
|
142.250.203.110
|
clients.l.google.com
|
United States
|
|
|
|
192.168.2.7
|
unknown
|
unknown
|
|
|
|
192.168.2.4
|
unknown
|
unknown
|
|
|
|
192.168.2.3
|
unknown
|
unknown
|
|
|
|
172.217.168.45
|
accounts.google.com
|
United States
|
|
|
|
108.179.253.213
|
orthomay.com.br
|
United States
|
|
|
|
142.250.203.97
|
googlehosted.l.googleusercontent.com
|
United States
|
|
|
|
104.161.44.139
|
mustafakhafimsp.af
|
United States
|
|
|
|
239.255.255.250
|
unknown
|
Reserved
|
|
|
|
116.206.105.115
|
vulkanbonus.karmaguru.in
|
Seychelles
|
|
|
|
127.0.0.1
|
unknown
|
unknown
|
|
There are 2 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-3853321935-2125563209-4053062332-1002
|
|
|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
|
|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\SysWOW64\unarchiver.exe.FriendlyAppName
|
|
|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\SysWOW64\unarchiver.exe.ApplicationCompany
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
ahfgeienlihckogmohjhadlkjgocpleb
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mfehgcgbbipciphmccgaenjidiccnmng
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mhjfbmdgcfjbbpaeojofohoefgiehjai
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
pkedcjkdefgpdelpbcmbmeomcjbeemfm
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
pkedcjkdefgpdelpbcmbmeomcjbeemfm
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.reporting
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
module_blacklist_cache_md5_digest
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
media.storage_id_salt
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_account_id
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.account_id
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_seed
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_homepage
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
default_search_provider_data.template_url_data
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
safebrowsing.incidents_sent
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
pinned_tabs
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
search_provider_overrides
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_default_search
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_username
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.startup_urls
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.restore_on_startup
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_version
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_startup_urls
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.prompt_wave
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage_is_newtabpage
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
browser.show_home_button
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
lastrun
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
|
{2781761E-28E0-4109-99FE-B9D127C57AFE} {56FFCC30-D398-11D0-B2AE-00A0C908FA49} 0xFFFF
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
|
Implementing
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
|
{97E467B4-98C6-4F19-9588-161B7773D6F6} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\Excel\system
|
ProcessName
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\Excel\system
|
WindowName
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\Excel\system
|
WindowClassName
|
|
|
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\f0\52C64B7E
|
@C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\oregres.dll,-206
|
|
|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE.FriendlyAppName
|
|
|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE.ApplicationCompany
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
3%6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
4%6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
RemoteClearDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3
|
Last
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
/+6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\31F90
|
31F90
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
FilePath
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
StartDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
EndDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Properties
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Url
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
LastClean
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableWinHttpCertAuth
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableIsOwnerRegex
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableSessionAwareHttpClose
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALForExtendedApps
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALSetSilentAuth
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableGuestCredProvider
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableOstringReplace
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\32184
|
32184
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109E60090400000000000F01FEC\Usage
|
ProductNonBootFilesIntl_1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastSyncTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastWriteTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\31F90
|
31F90
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog
|
CacheReady
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog
|
LastRequest
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog
|
CacheReady
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog
|
LastUpdate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog
|
NextUpdate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109E60090400000000000F01FEC\Usage
|
ProductNonBootFilesIntl_1033
|
|
There are 86 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
282D000
|
unkown image
|
page readonly
|
|
|
|
214C1718000
|
unkown
|
page read and write
|
|
|
|
2DB0000
|
unkown image
|
page readonly
|
|
|
|
214C0E00000
|
unkown
|
page read and write
|
|
|
|
2A4D000
|
unkown
|
page read and write
|
|
|
|
7FF578D9F000
|
unkown image
|
page readonly
|
|
|
|
28D8000
|
unkown image
|
page readonly
|
|
|
|
7990000
|
unkown
|
page read and write
|
|
|
|
5CE0000
|
unkown image
|
page readonly
|
|
|
|
2C50000
|
unkown
|
page read and write
|
|
|
|
D90000
|
unkown image
|
page read and write
|
|
|
|
7FF578E6A000
|
unkown image
|
page readonly
|
|
|
|
2DE8000
|
unkown
|
page read and write
|
|
|
|
24B0000
|
unkown image
|
page readonly
|
|
|
|
274A000
|
unkown
|
page read and write
|
|
|
|
2E8A000
|
heap private
|
page read and write
|
|
|
|
2590000
|
unkown image
|
page read and write
|
|
|
|
1EDC2B20000
|
unkown image
|
page readonly
|
|
|
|
2BFD000
|
unkown
|
page read and write
|
|
|
|
7FB70000
|
unkown image
|
page readonly
|
|
|
|
7FB62000
|
unkown image
|
page readonly
|
|
|
|
26E0000
|
unkown image
|
page read and write
|
|
|
|
3D40000
|
unkown image
|
page readonly
|
|
|
|
214C0E76000
|
unkown
|
page read and write
|
|
|
|
2970000
|
unkown
|
page read and write
|
|
|
|
7FF578DAD000
|
unkown image
|
page readonly
|
|
|
|
25A0000
|
unkown image
|
page readonly
|
|
|
|
2D74FF000
|
stack
|
page read and write
|
|
|
|
1EDC28F0000
|
unkown image
|
page readonly
|
|
|
|
214C62D0000
|
unkown
|
page read and write
|
|
|
|
2DDF000
|
unkown
|
page read and write
|
|
|
|
2DE6000
|
unkown
|
page read and write
|
|
|
|
28FB000
|
unkown image
|
page readonly
|
|
|
|
7FBA2000
|
unkown image
|
page readonly
|
|
|
|
214C63A0000
|
unkown
|
page read and write
|
|
|
|
5970000
|
unkown image
|
page readonly
|
|
|
|
7830000
|
unkown
|
page read and write
|
|
|
|
7FF50EF37000
|
unkown image
|
page readonly
|
|
|
|
214C1C30000
|
unkown
|
page read and write
|
|
|
|
2A49000
|
unkown
|
page read and write
|
|
|
|
214C1713000
|
unkown
|
page read and write
|
|
|
|
FF3C0000
|
unkown image
|
page readonly
|
|
|
|
7FF578E92000
|
unkown image
|
page readonly
|
|
|
|
7C7307F000
|
stack
|
page read and write
|
|
|
|
214C66B9000
|
unkown
|
page read and write
|
|
|
|
9C0000
|
unkown image
|
page readonly
|
|
|
|
F40000
|
unkown image
|
page readonly
|
|
|
|
7FF50EF24000
|
unkown image
|
page readonly
|
|
|
|
26F0000
|
unkown image
|
page readonly
|
|
|
|
9D0000
|
unkown image
|
page readonly
|
|
|
|
28FE000
|
unkown image
|
page readonly
|
|
|
|
27DA000
|
unkown image
|
page readonly
|
|
|
|
CA0000
|
unkown image
|
page readonly
|
|
|
|
568E000
|
stack
|
page read and write
|
|
|
|
7FF578DD6000
|
unkown image
|
page readonly
|
|
|
|
7FF578DB6000
|
unkown image
|
page readonly
|
|
|
|
2323000
|
unkown image
|
page readonly
|
|
|
|
7FF578D84000
|
unkown image
|
page readonly
|
|
|
|
253F000
|
unkown image
|
page readonly
|
|
|
|
7FE10000
|
unkown image
|
page readonly
|
|
|
|
22EB000
|
unkown image
|
page readonly
|
|
|
|
3490000
|
unkown image
|
page readonly
|
|
|
|
7FF22000
|
unkown image
|
page readonly
|
|
|
|
7FF578B65000
|
unkown image
|
page readonly
|
|
|
|
FF3C2000
|
unkown image
|
page readonly
|
|
|
|
214C1390000
|
unkown image
|
page readonly
|
|
|
|
7C72D7B000
|
stack
|
page read and write
|
|
|
|
3580000
|
unkown image
|
page readonly
|
|
|
|
FF3B2000
|
unkown image
|
page readonly
|
|
|
|
7FDF2000
|
unkown image
|
page readonly
|
|
|
|
214C668C000
|
unkown
|
page read and write
|
|
|
|
2A6D000
|
unkown
|
page read and write
|
|
|
|
7FF30000
|
unkown image
|
page readonly
|
|
|
|
78A0000
|
unkown
|
page read and write
|
|
|
|
2A65000
|
unkown
|
page read and write
|
|
|
|
7F300000
|
unkown image
|
page readonly
|
|
|
|
C80000
|
unkown image
|
page readonly
|
|
|
|
7FF578E44000
|
unkown image
|
page readonly
|
|
|
|
214C0D70000
|
unkown
|
page read and write
|
|
|
|
FF3D0000
|
unkown image
|
page readonly
|
|
|
|
7F2F2000
|
unkown image
|
page readonly
|
|
|
|
2903000
|
unkown image
|
page readonly
|
|
|
|
E3B000
|
heap default
|
page read and write
|
|
|
|
2BBE000
|
stack
|
page read and write
|
|
|
|
884000
|
unkown
|
page read and write
|
|
|
|
7FF50EDA1000
|
unkown image
|
page readonly
|
|
|
|
29DE000
|
unkown image
|
page readonly
|
|
|
|
1F5F000
|
unkown image
|
page readonly
|
|
|
|
7FF578626000
|
unkown image
|
page readonly
|
|
|
|
2BE0000
|
unkown image
|
page readonly
|
|
|
|
29D3000
|
unkown image
|
page readonly
|
|
|
|
214C0DE1000
|
unkown
|
page read and write
|
|
|
|
1EDC3540000
|
unkown
|
page read and write
|
|
|
|
1EDC299A000
|
heap default
|
page read and write
|
|
|
|
228A000
|
unkown image
|
page readonly
|
|
|
|
29C6000
|
unkown image
|
page readonly
|
|
|
|
2C01000
|
unkown
|
page read and write
|
|
|
|
7FF4F3E1B000
|
unkown image
|
page readonly
|
|
|
|
7FF578BD0000
|
unkown image
|
page readonly
|
|
|
|
3035000
|
unkown
|
page read and write
|
|
|
|
1EDC2B85000
|
heap private
|
page read and write
|
|
|
|
301D000
|
unkown
|
page read and write
|
|
|
|
2E3B000
|
unkown
|
page read and write
|
|
|
|
214C0C10000
|
heap private
|
page read and write
|
|
|
|
7FDF2000
|
unkown image
|
page readonly
|
|
|
|
12E0000
|
unkown image
|
page readonly
|
|
|
|
7FF578E97000
|
unkown image
|
page readonly
|
|
|
|
840000
|
unkown image
|
page read and write
|
|
|
|
7FB52000
|
unkown image
|
page readonly
|
|
|
|
2DC0000
|
unkown image
|
page readonly
|
|
|
|
214C6400000
|
unkown
|
page read and write
|
|
|
|
7FF10000
|
unkown image
|
page readonly
|
|
|
|
214C63F0000
|
unkown
|
page read and write
|
|
|
|
23D2000
|
unkown image
|
page readonly
|
|
|
|
214C6618000
|
unkown
|
page read and write
|
|
|
|
7C7347C000
|
stack
|
page read and write
|
|
|
|
2EC0000
|
unkown
|
page read and write
|
|
|
|
7F2E2000
|
unkown image
|
page readonly
|
|
|
|
2EF0000
|
heap default
|
page read and write
|
|
|
|
2332000
|
unkown image
|
page readonly
|
|
|
|
29A5000
|
unkown image
|
page readonly
|
|
|
|
214C670A000
|
unkown
|
page read and write
|
|
|
|
301D000
|
unkown
|
page read and write
|
|
|
|
214C1380000
|
unkown image
|
page readonly
|
|
|
|
DEF000
|
unkown
|
page read and write
|
|
|
|
7DF582C32000
|
unkown image
|
page readonly
|
|
|
|
245D000
|
unkown image
|
page readonly
|
|
|
|
2A10000
|
unkown image
|
page readonly
|
|
|
|
29E2000
|
unkown image
|
page readonly
|
|
|
|
2A60000
|
heap default
|
page read and write
|
|
|
|
7FB92000
|
unkown image
|
page readonly
|
|
|
|
3021000
|
unkown
|
page read and write
|
|
|
|
EFF000
|
stack
|
page read and write
|
|
|
|
2DD0000
|
unkown
|
page read and write
|
|
|
|
7FF578E83000
|
unkown image
|
page readonly
|
|
|
|
214C62D1000
|
unkown
|
page read and write
|
|
|
|
233F000
|
unkown image
|
page readonly
|
|
|
|
214C66B9000
|
unkown
|
page read and write
|
|
|
|
4F90000
|
unkown
|
page read and write
|
|
|
|
214C63E0000
|
unkown
|
page read and write
|
|
|
|
7DF582C42000
|
unkown image
|
page readonly
|
|
|
|
49DE000
|
stack
|
page read and write
|
|
|
|
7DF518D12000
|
unkown image
|
page readonly
|
|
|
|
214C6623000
|
unkown
|
page read and write
|
|
|
|
3011000
|
unkown
|
page read and write
|
|
|
|
7DF582C32000
|
unkown image
|
page readonly
|
|
|
|
7FF50EE6F000
|
unkown image
|
page readonly
|
|
|
|
7FF578B43000
|
unkown image
|
page readonly
|
|
|
|
7FF578D8F000
|
unkown image
|
page readonly
|
|
|
|
7FF578B94000
|
unkown image
|
page readonly
|
|
|
|
31CB000
|
heap default
|
page read and write
|
|
|
|
214C670C000
|
unkown
|
page read and write
|
|
|
|
7FF50EE96000
|
unkown image
|
page readonly
|
|
|
|
860000
|
unkown image
|
page readonly
|
|
|
|
7F2E0000
|
unkown image
|
page readonly
|
|
|
|
2917000
|
unkown image
|
page readonly
|
|
|
|
214C179A000
|
unkown
|
page read and write
|
|
|
|
11E0000
|
unkown image
|
page readonly
|
|
|
|
2E80000
|
unkown
|
page read and write
|
|
|
|
2282000
|
unkown image
|
page readonly
|
|
|
|
7DF518D10000
|
unkown image
|
page readonly
|
|
|
|
7DF518D12000
|
unkown image
|
page readonly
|
|
|
|
7F2E2000
|
unkown image
|
page readonly
|
|
|
|
2E7E000
|
stack
|
page read and write
|
|
|
|
7F2E0000
|
unkown image
|
page readonly
|
|
|
|
554E000
|
stack
|
page read and write
|
|
|
|
7C7317E000
|
stack
|
page read and write
|
|
|
|
3566000
|
heap private
|
page read and write
|
|
|
|
2945000
|
unkown image
|
page readonly
|
|
|
|
214C6430000
|
unkown
|
page read and write
|
|
|
|
214C66D1000
|
unkown
|
page read and write
|
|
|
|
7DF416BE0000
|
unkown image
|
page readonly
|
|
|
|
247E000
|
unkown image
|
page readonly
|
|
|
|
2B80000
|
unkown image
|
page readonly
|
|
|
|
4FB0000
|
unkown
|
page read and write
|
|
|
|
214C62DE000
|
unkown
|
page read and write
|
|
|
|
7FF50EE84000
|
unkown image
|
page readonly
|
|
|
|
214C0C00000
|
unkown image
|
page read and write
|
|
|
|
7CBF000
|
stack
|
page read and write
|
|
|
|
7FA90000
|
unkown image
|
page readonly
|
|
|
|
7FBA2000
|
unkown image
|
page readonly
|
|
|
|
788F000
|
stack
|
page read and write
|
|
|
|
E00000
|
heap default
|
page read and write
|
|
|
|
29B4000
|
heap private
|
page read and write
|
|
|
|
7F2E2000
|
unkown image
|
page readonly
|
|
|
|
7FF5789C2000
|
unkown image
|
page readonly
|
|
|
|
2DF0000
|
unkown
|
page read and write
|
|
|
|
214C0EA1000
|
unkown
|
page read and write
|
|
|
|
515E000
|
stack
|
page read and write
|
|
|
|
7FF578B96000
|
unkown image
|
page readonly
|
|
|
|
7C72FFF000
|
stack
|
page read and write
|
|
|
|
2DB0000
|
unkown image
|
page readonly
|
|
|
|
2991000
|
unkown image
|
page readonly
|
|
|
|
2A40000
|
unkown
|
page read and write
|
|
|
|
2948000
|
unkown image
|
page readonly
|
|
|
|
2FFA000
|
heap default
|
page read and write
|
|
|
|
7DF582C30000
|
unkown image
|
page readonly
|
|
|
|
1EDC2FA0000
|
unkown image
|
page readonly
|
|
|
|
214C6715000
|
unkown
|
page read and write
|
|
|
|
2895000
|
heap private
|
page read and write
|
|
|
|
2E90000
|
unkown image
|
page readonly
|
|
|
|
214C1758000
|
unkown
|
page read and write
|
|
|
|
2C05000
|
unkown
|
page read and write
|
|
|
|
27D4000
|
unkown image
|
page readonly
|
|
|
|
2A4E000
|
unkown
|
page read and write
|
|
|
|
C90000
|
heap private
|
page read and write
|
|
|
|
7FF50ED88000
|
unkown image
|
page readonly
|
|
|
|
B90000
|
unkown image
|
page readonly
|
|
|
|
3200000
|
unkown image
|
page readonly
|
|
|
|
7FB70000
|
unkown image
|
page readonly
|
|
|
|
FF3C0000
|
unkown image
|
page readonly
|
|
|
|
7D3F000
|
stack
|
page read and write
|
|
|
|
BA0000
|
unkown image
|
page readonly
|
|
|
|
7750000
|
unkown
|
page read and write
|
|
|
|
7FB52000
|
unkown image
|
page readonly
|
|
|
|
FF3B2000
|
unkown image
|
page readonly
|
|
|
|
A8D000
|
unkown
|
page read and write
|
|
|
|
2C02000
|
unkown
|
page read and write
|
|
|
|
293D000
|
unkown image
|
page readonly
|
|
|
|
270E000
|
unkown image
|
page readonly
|
|
|
|
4A1E000
|
stack
|
page read and write
|
|
|
|
26C8000
|
unkown
|
page read and write
|
|
|
|
5AE0000
|
unkown
|
page read and write
|
|
|
|
7FF4F3E1B000
|
unkown image
|
page readonly
|
|
|
|
292E000
|
stack
|
page read and write
|
|
|
|
578F000
|
stack
|
page read and write
|
|
|
|
2A18000
|
unkown image
|
page readonly
|
|
|
|
3025000
|
unkown
|
page read and write
|
|
|
|
214C6645000
|
unkown
|
page read and write
|
|
|
|
7FF578E41000
|
unkown image
|
page readonly
|
|
|
|
203F000
|
unkown image
|
page readonly
|
|
|
|
28F6000
|
unkown image
|
page readonly
|
|
|
|
7C72EFF000
|
stack
|
page read and write
|
|
|
|
7FF50EF21000
|
unkown image
|
page readonly
|
|
|
|
7DF518D30000
|
unkown image
|
page readonly
|
|
|
|
214C1799000
|
unkown
|
page read and write
|
|
|
|
2C40000
|
unkown image
|
page read and write
|
|
|
|
7C72C7E000
|
stack
|
page read and write
|
|
|
|
214C6663000
|
unkown
|
page read and write
|
|
|
|
278B000
|
unkown
|
page read and write
|
|
|
|
22E1000
|
unkown image
|
page readonly
|
|
|
|
7FF50E6F7000
|
unkown image
|
page readonly
|
|
|
|
24B8000
|
unkown image
|
page readonly
|
|
|
|
2CD0000
|
unkown image
|
page readonly
|
|
|
|
7F2E0000
|
unkown image
|
page readonly
|
|
|
|
3400000
|
unkown image
|
page readonly
|
|
|
|
230D000
|
unkown image
|
page readonly
|
|
|
|
7FF50E7F1000
|
unkown image
|
page readonly
|
|
|
|
2862000
|
unkown image
|
page readonly
|
|
|
|
1EDC3810000
|
unkown
|
page read and write
|
|
|
|
31FF000
|
heap default
|
page read and write
|
|
|
|
301D000
|
unkown
|
page read and write
|
|
|
|
214C179A000
|
unkown
|
page read and write
|
|
|
|
2D767E000
|
stack
|
page read and write
|
|
|
|
214C1602000
|
unkown
|
page read and write
|
|
|
|
7FF578BCE000
|
unkown image
|
page readonly
|
|
|
|
860000
|
unkown image
|
page readonly
|
|
|
|
7FB92000
|
unkown image
|
page readonly
|
|
|
|
3019000
|
unkown
|
page read and write
|
|
|
|
7C72A7A000
|
stack
|
page read and write
|
|
|
|
B86000
|
unkown
|
page read and write
|
|
|
|
214C6314000
|
unkown
|
page read and write
|
|
|
|
7FF578D45000
|
unkown image
|
page readonly
|
|
|
|
2B74000
|
heap private
|
page read and write
|
|
|
|
245B000
|
unkown image
|
page readonly
|
|
|
|
214C6704000
|
unkown
|
page read and write
|
|
|
|
12A7000
|
unkown
|
page execute and read and write
|
|
|
|
7FBA0000
|
unkown image
|
page readonly
|
|
|
|
2BB0000
|
unkown
|
page read and write
|
|
|
|
2790000
|
unkown image
|
page readonly
|
|
|
|
214C66D7000
|
unkown
|
page read and write
|
|
|
|
218D000
|
unkown image
|
page readonly
|
|
|
|
3050000
|
unkown image
|
page readonly
|
|
|
|
7FF50E6FF000
|
unkown image
|
page readonly
|
|
|
|
27CC000
|
unkown image
|
page readonly
|
|
|
|
7FF578A19000
|
unkown image
|
page readonly
|
|
|
|
282E000
|
stack
|
page read and write
|
|
|
|
2BF0000
|
unkown image
|
page readonly
|
|
|
|
3135000
|
heap default
|
page read and write
|
|
|
|
3190000
|
heap default
|
page read and write
|
|
|
|
7DF518D22000
|
unkown image
|
page readonly
|
|
|
|
2924000
|
unkown image
|
page readonly
|
|
|
|
7DF518D20000
|
unkown image
|
page readonly
|
|
|
|
25A0000
|
unkown image
|
page readonly
|
|
|
|
9D0000
|
unkown image
|
page readonly
|
|
|
|
2DCB000
|
unkown
|
page read and write
|
|
|
|
7FDF0000
|
unkown image
|
page readonly
|
|
|
|
214C6300000
|
unkown
|
page read and write
|
|
|
|
7FF578E4D000
|
unkown image
|
page readonly
|
|
|
|
FF3C2000
|
unkown image
|
page readonly
|
|
|
|
214C0E71000
|
unkown
|
page read and write
|
|
|
|
9E0000
|
unkown
|
page read and write
|
|
|
|
FF3B2000
|
unkown image
|
page readonly
|
|
|
|
7FF50EF34000
|
unkown image
|
page readonly
|
|
|
|
7FB90000
|
unkown image
|
page readonly
|
|
|
|
4F80000
|
unkown image
|
page readonly
|
|
|
|
7FF50EDB1000
|
unkown image
|
page readonly
|
|
|
|
7FF578BF4000
|
unkown image
|
page readonly
|
|
|
|
FF3C0000
|
unkown image
|
page readonly
|
|
|
|
7F2F0000
|
unkown image
|
page readonly
|
|
|
|
7CFE000
|
stack
|
page read and write
|
|
|
|
27F0000
|
unkown
|
page read and write
|
|
|
|
FF2B0000
|
unkown image
|
page readonly
|
|
|
|
214C0C40000
|
unkown image
|
page readonly
|
|
|
|
7FF578CD1000
|
unkown image
|
page readonly
|
|
|
|
214C0E29000
|
unkown
|
page read and write
|
|
|
|
7DF518D30000
|
unkown image
|
page readonly
|
|
|
|
2BDA000
|
unkown
|
page read and write
|
|
|
|
2A2E000
|
stack
|
page read and write
|
|
|
|
860000
|
unkown image
|
page readonly
|
|
|
|
292D000
|
unkown image
|
page readonly
|
|
|
|
214C62D8000
|
unkown
|
page read and write
|
|
|
|
10E8000
|
heap default
|
page read and write
|
|
|
|
7FF578D74000
|
unkown image
|
page readonly
|
|
|
|
7FF578E47000
|
unkown image
|
page readonly
|
|
|
|
214C21A0000
|
unkown
|
page read and write
|
|
|
|
26F0000
|
unkown image
|
page readonly
|
|
|
|
1280000
|
unkown image
|
page readonly
|
|
|
|
214C6715000
|
unkown
|
page read and write
|
|
|
|
214C62F4000
|
unkown
|
page read and write
|
|
|
|
214C1C10000
|
unkown
|
page read and write
|
|
|
|
7FB62000
|
unkown image
|
page readonly
|
|
|
|
2A51000
|
unkown
|
page read and write
|
|
|
|
2DC0000
|
unkown image
|
page readonly
|
|
|
|
214C17DB000
|
unkown
|
page read and write
|
|
|
|
2847000
|
unkown image
|
page readonly
|
|
|
|
2A2E000
|
stack
|
page read and write
|
|
|
|
59BD000
|
stack
|
page read and write
|
|
|
|
3021000
|
unkown
|
page read and write
|
|
|
|
529E000
|
stack
|
page read and write
|
|
|
|
319C000
|
heap default
|
page read and write
|
|
|
|
2ED0000
|
unkown image
|
page readonly
|
|
|
|
29A8000
|
unkown image
|
page readonly
|
|
|
|
1EDC28A0000
|
unkown image
|
page read and write
|
|
|
|
2A51000
|
unkown
|
page read and write
|
|
|
|
2A20000
|
heap default
|
page read and write
|
|
|
|
BF0000
|
unkown
|
page read and write
|
|
|
|
3022000
|
unkown
|
page read and write
|
|
|
|
7FF578C2A000
|
unkown image
|
page readonly
|
|
|
|
1EDC3120000
|
unkown image
|
page readonly
|
|
|
|
3390000
|
unkown
|
page read and write
|
|
|
|
7FF578DC2000
|
unkown image
|
page readonly
|
|
|
|
214C6702000
|
unkown
|
page read and write
|
|
|
|
A20000
|
unkown image
|
page read and write
|
|
|
|
FF3B0000
|
unkown image
|
page readonly
|
|
|
|
7FCF0000
|
unkown image
|
page readonly
|
|
|
|
7DF582C30000
|
unkown image
|
page readonly
|
|
|
|
214C6420000
|
unkown
|
page read and write
|
|
|
|
14E0000
|
unkown image
|
page readonly
|
|
|
|
31FA000
|
heap private
|
page read and write
|
|
|
|
3180000
|
unkown
|
page read and write
|
|
|
|
29CE000
|
unkown image
|
page readonly
|
|
|
|
7FF578B06000
|
unkown image
|
page readonly
|
|
|
|
7FBB0000
|
unkown image
|
page readonly
|
|
|
|
4AE0000
|
unkown
|
page read and write
|
|
|
|
3021000
|
unkown
|
page read and write
|
|
|
|
DB0000
|
heap private
|
page read and write
|
|
|
|
28ED000
|
unkown image
|
page readonly
|
|
|
|
3560000
|
heap private
|
page read and write
|
|
|
|
214C15E0000
|
unkown
|
page read and write
|
|
|
|
7FE00000
|
unkown image
|
page readonly
|
|
|
|
1EDC2982000
|
unkown
|
page read and write
|
|
|
|
2E30000
|
unkown image
|
page readonly
|
|
|
|
2840000
|
unkown image
|
page readonly
|
|
|
|
3520000
|
unkown
|
page read and write
|
|
|
|
1EDC2930000
|
heap default
|
page read and write
|
|
|
|
DEA000
|
unkown
|
page execute and read and write
|
|
|
|
214C66BD000
|
unkown
|
page read and write
|
|
|
|
225E000
|
unkown image
|
page readonly
|
|
|
|
214C1615000
|
unkown
|
page read and write
|
|
|
|
10E0000
|
heap default
|
page read and write
|
|
|
|
29E0000
|
heap private
|
page read and write
|
|
|
|
2A50000
|
heap private
|
page execute and read and write
|
|
|
|
5ABE000
|
stack
|
page read and write
|
|
|
|
7DF582C42000
|
unkown image
|
page readonly
|
|
|
|
7FF578CD8000
|
unkown image
|
page readonly
|
|
|
|
3028000
|
unkown
|
page read and write
|
|
|
|
4FC0000
|
unkown image
|
page readonly
|
|
|
|
2C1D000
|
unkown
|
page read and write
|
|
|
|
7DF518D20000
|
unkown image
|
page readonly
|
|
|
|
7FF50EDB8000
|
unkown image
|
page readonly
|
|
|
|
214C1700000
|
unkown
|
page read and write
|
|
|
|
2D713B000
|
unkown
|
page read and write
|
|
|
|
7FF50EF63000
|
unkown image
|
page readonly
|
|
|
|
214C66BE000
|
unkown
|
page read and write
|
|
|
|
7FF50EF4A000
|
unkown image
|
page readonly
|
|
|
|
7FF578B4A000
|
unkown image
|
page readonly
|
|
|
|
2B30000
|
unkown
|
page read and write
|
|
|
|
12B0000
|
unkown
|
page read and write
|
|
|
|
7FF50EF3B000
|
unkown image
|
page readonly
|
|
|
|
23BE000
|
unkown image
|
page readonly
|
|
|
|
2EA0000
|
unkown image
|
page readonly
|
|
|
|
2B70000
|
heap private
|
page read and write
|
|
|
|
2C50000
|
unkown image
|
page readonly
|
|
|
|
2368000
|
unkown image
|
page readonly
|
|
|
|
A50000
|
unkown image
|
page readonly
|
|
|
|
29A0000
|
unkown
|
page read and write
|
|
|
|
28D5000
|
unkown image
|
page readonly
|
|
|
|
2A18000
|
unkown image
|
page readonly
|
|
|
|
2E80000
|
heap private
|
page read and write
|
|
|
|
214C1881000
|
unkown
|
page read and write
|
|
|
|
214C15D0000
|
unkown
|
page read and write
|
|
|
|
246E000
|
unkown image
|
page readonly
|
|
|
|
214C6300000
|
unkown
|
page read and write
|
|
|
|
2C50000
|
unkown image
|
page readonly
|
|
|
|
8BC000
|
unkown
|
page read and write
|
|
|
|
261F000
|
unkown image
|
page readonly
|
|
|
|
FF3B0000
|
unkown image
|
page readonly
|
|
|
|
E0B000
|
heap default
|
page read and write
|
|
|
|
1EDC28B0000
|
unkown
|
page read and write
|
|
|
|
2368000
|
unkown image
|
page readonly
|
|
|
|
7FF578B9A000
|
unkown image
|
page readonly
|
|
|
|
7FF578BA0000
|
unkown image
|
page readonly
|
|
|
|
29B0000
|
heap private
|
page read and write
|
|
|
|
2941000
|
unkown image
|
page readonly
|
|
|
|
9BC000
|
unkown
|
page read and write
|
|
|
|
214C0E57000
|
unkown
|
page read and write
|
|
|
|
1EDC3130000
|
unkown image
|
page readonly
|
|
|
|
2C54000
|
unkown
|
page read and write
|
|
|
|
2DBE000
|
unkown
|
page read and write
|
|
|
|
214C6410000
|
unkown
|
page read and write
|
|
|
|
214C62D0000
|
unkown
|
page read and write
|
|
|
|
A60000
|
unkown
|
page read and write
|
|
|
|
7FF578D58000
|
unkown image
|
page readonly
|
|
|
|
23E5000
|
unkown image
|
page readonly
|
|
|
|
276D000
|
unkown image
|
page readonly
|
|
|
|
214C0C70000
|
heap default
|
page read and write
|
|
|
|
2CB0000
|
unkown image
|
page readonly
|
|
|
|
76CE000
|
stack
|
page read and write
|
|
|
|
7FB50000
|
unkown image
|
page readonly
|
|
|
|
214C1759000
|
unkown
|
page read and write
|
|
|
|
293A000
|
unkown image
|
page readonly
|
|
|
|
214C0C20000
|
unkown image
|
page readonly
|
|
|
|
1100000
|
unkown image
|
page readonly
|
|
|
|
299F000
|
stack
|
page read and write
|
|
|
|
291F000
|
unkown image
|
page readonly
|
|
|
|
1EDC28E0000
|
unkown image
|
page readonly
|
|
|
|
FF3B0000
|
unkown image
|
page readonly
|
|
|
|
1EDC3820000
|
unkown
|
page read and write
|
|
|
|
7FF578B53000
|
unkown image
|
page readonly
|
|
|
|
214C0C50000
|
unkown image
|
page readonly
|
|
|
|
2C1D000
|
unkown
|
page read and write
|
|
|
|
4F7F000
|
stack
|
page read and write
|
|
|
|
7FF20000
|
unkown image
|
page readonly
|
|
|
|
7FF50EB41000
|
unkown image
|
page readonly
|
|
|
|
214C1E20000
|
unkown image
|
page readonly
|
|
|
|
214C6420000
|
unkown
|
page read and write
|
|
|
|
214C66D1000
|
unkown
|
page read and write
|
|
|
|
74C000
|
unkown image
|
page readonly
|
|
|
|
9C0000
|
unkown image
|
page readonly
|
|
|
|
218F000
|
unkown image
|
page readonly
|
|
|
|
A70000
|
unkown
|
page read and write
|
|
|
|
2851000
|
unkown image
|
page readonly
|
|
|
|
214C0E8F000
|
unkown
|
page read and write
|
|
|
|
214C15C3000
|
unkown
|
page read and write
|
|
|
|
7FB90000
|
unkown image
|
page readonly
|
|
|
|
2DDC000
|
unkown
|
page read and write
|
|
|
|
2A49000
|
unkown
|
page read and write
|
|
|
|
860000
|
unkown image
|
page readonly
|
|
|
|
214C1801000
|
unkown
|
page read and write
|
|
|
|
FF3D0000
|
unkown image
|
page readonly
|
|
|
|
283B000
|
unkown
|
page read and write
|
|
|
|
FF3B2000
|
unkown image
|
page readonly
|
|
|
|
2BFD000
|
unkown
|
page read and write
|
|
|
|
214C1C20000
|
unkown
|
page read and write
|
|
|
|
7FF578BDB000
|
unkown image
|
page readonly
|
|
|
|
FF3B2000
|
unkown image
|
page readonly
|
|
|
|
7FF5789F2000
|
unkown image
|
page readonly
|
|
|
|
7F9F0000
|
unkown
|
page execute and read and write
|
|
|
|
283E000
|
unkown image
|
page readonly
|
|
|
|
214C0E13000
|
unkown
|
page read and write
|
|
|
|
7FF578DA3000
|
unkown image
|
page readonly
|
|
|
|
7FF578C5F000
|
unkown image
|
page readonly
|
|
|
|
29BB000
|
unkown image
|
page readonly
|
|
|
|
1EDC37F0000
|
unkown
|
page read and write
|
|
|
|
7C72E7B000
|
stack
|
page read and write
|
|
|
|
214C6540000
|
unkown
|
page read and write
|
|
|
|
7FF578C3D000
|
unkown image
|
page readonly
|
|
|
|
2A52000
|
unkown
|
page read and write
|
|
|
|
7FF50EF77000
|
unkown image
|
page readonly
|
|
|
|
2F7F000
|
unkown
|
page read and write
|
|
|
|
214C62F1000
|
unkown
|
page read and write
|
|
|
|
7C72F7E000
|
stack
|
page read and write
|
|
|
|
7FF578B58000
|
unkown image
|
page readonly
|
|
|
|
248F000
|
unkown image
|
page readonly
|
|
|
|
7FE02000
|
unkown image
|
page readonly
|
|
|
|
DEC000
|
unkown
|
page execute and read and write
|
|
|
|
22B2000
|
unkown image
|
page readonly
|
|
|
|
229B000
|
unkown image
|
page readonly
|
|
|
|
7FF578D79000
|
unkown image
|
page readonly
|
|
|
|
2B50000
|
unkown image
|
page readonly
|
|
|
|
2C01000
|
unkown
|
page read and write
|
|
|
|
27CE000
|
unkown image
|
page readonly
|
|
|
|
226E000
|
unkown image
|
page readonly
|
|
|
|
214C0F02000
|
unkown
|
page read and write
|
|
|
|
2BD0000
|
heap default
|
page read and write
|
|
|
|
2D757A000
|
stack
|
page read and write
|
|
|
|
2DC0000
|
unkown image
|
page readonly
|
|
|
|
7FBA0000
|
unkown image
|
page readonly
|
|
|
|
7FF50EF77000
|
unkown image
|
page readonly
|
|
|
|
23DA000
|
unkown image
|
page readonly
|
|
|
|
214C1799000
|
unkown
|
page read and write
|
|
|
|
7FF50EF66000
|
unkown image
|
page readonly
|
|
|
|
214C1B00000
|
unkown
|
page read and write
|
|
|
|
214C0C20000
|
unkown image
|
page readonly
|
|
|
|
23EB000
|
unkown image
|
page readonly
|
|
|
|
7DF582C50000
|
unkown image
|
page readonly
|
|
|
|
274D000
|
unkown image
|
page readonly
|
|
|
|
3019000
|
unkown
|
page read and write
|
|
|
|
12AB000
|
unkown
|
page execute and read and write
|
|
|
|
214C0E3D000
|
unkown
|
page read and write
|
|
|
|
214C61D0000
|
unkown
|
page read and write
|
|
|
|
2940000
|
unkown image
|
page readonly
|
|
|
|
29EA000
|
heap private
|
page read and write
|
|
|
|
540E000
|
stack
|
page read and write
|
|
|
|
9D0000
|
unkown image
|
page readonly
|
|
|
|
2B9E000
|
stack
|
page read and write
|
|
|
|
CB5000
|
heap default
|
page read and write
|
|
|
|
214C15C0000
|
unkown
|
page read and write
|
|
|
|
2C01000
|
unkown
|
page read and write
|
|
|
|
214C1E00000
|
unkown image
|
page readonly
|
|
|
|
7FF578D01000
|
unkown image
|
page readonly
|
|
|
|
28EB000
|
unkown image
|
page readonly
|
|
|
|
214C1759000
|
unkown
|
page read and write
|
|
|
|
23C1000
|
unkown image
|
page readonly
|
|
|
|
219B000
|
unkown image
|
page readonly
|
|
|
|
214C66BB000
|
unkown
|
page read and write
|
|
|
|
2B80000
|
unkown image
|
page readonly
|
|
|
|
284B000
|
unkown image
|
page readonly
|
|
|
|
214C0EAF000
|
unkown
|
page read and write
|
|
|
|
2431000
|
unkown image
|
page readonly
|
|
|
|
7FF578E57000
|
unkown image
|
page readonly
|
|
|
|
2812000
|
unkown image
|
page readonly
|
|
|
|
9C0000
|
unkown image
|
page readonly
|
|
|
|
1EDC2B00000
|
unkown
|
page read and write
|
|
|
|
7F300000
|
unkown image
|
page readonly
|
|
|
|
28C1000
|
unkown image
|
page readonly
|
|
|
|
214C1D20000
|
unkown
|
page read and write
|
|
|
|
8240000
|
unkown
|
page read and write
|
|
|
|
7FDF0000
|
unkown image
|
page readonly
|
|
|
|
7FF578B89000
|
unkown image
|
page readonly
|
|
|
|
228D000
|
unkown image
|
page readonly
|
|
|
|
7FF578DE9000
|
unkown image
|
page readonly
|
|
|
|
214C6430000
|
unkown
|
page read and write
|
|
|
|
2C08000
|
unkown
|
page read and write
|
|
|
|
7F2F2000
|
unkown image
|
page readonly
|
|
|
|
1EDC2DA0000
|
unkown image
|
page readonly
|
|
|
|
214C0E94000
|
unkown
|
page read and write
|
|
|
|
231E000
|
unkown image
|
page readonly
|
|
|
|
FF3B0000
|
unkown image
|
page readonly
|
|
|
|
2295000
|
unkown image
|
page readonly
|
|
|
|
214C62D5000
|
unkown
|
page read and write
|
|
|
|
1EDC3800000
|
unkown
|
page readonly
|
|
|
|
29FD000
|
unkown image
|
page readonly
|
|
|
|
7FF578DEE000
|
unkown image
|
page readonly
|
|
|
|
214C1E40000
|
unkown image
|
page readonly
|
|
|
|
2BD0000
|
heap default
|
page read and write
|
|
|
|
2CAC000
|
unkown
|
page read and write
|
|
|
|
23AE000
|
unkown image
|
page readonly
|
|
|
|
2494000
|
unkown image
|
page readonly
|
|
|
|
10C0000
|
unkown image
|
page readonly
|
|
|
|
2473000
|
unkown image
|
page readonly
|
|
|
|
7C7327A000
|
stack
|
page read and write
|
|
|
|
4B20000
|
unkown
|
page read and write
|
|
|
|
501E000
|
stack
|
page read and write
|
|
|
|
7FF578DE7000
|
unkown image
|
page readonly
|
|
|
|
7FF50EF2D000
|
unkown image
|
page readonly
|
|
|
|
29F4000
|
unkown image
|
page readonly
|
|
|
|
2990000
|
unkown image
|
page readonly
|
|
|
|
7FF578A0C000
|
unkown image
|
page readonly
|
|
|
|
214C0F13000
|
unkown
|
page read and write
|
|
|
|
7F2F2000
|
unkown image
|
page readonly
|
|
|
|
24B8000
|
unkown image
|
page readonly
|
|
|
|
29EC000
|
unkown image
|
page readonly
|
|
|
|
27DC000
|
unkown image
|
page readonly
|
|
|
|
4A20000
|
unkown image
|
page readonly
|
|
|
|
2DF9000
|
unkown
|
page read and write
|
|
|
|
2BFE000
|
unkown
|
page read and write
|
|
|
|
FF3D0000
|
unkown image
|
page readonly
|
|
|
|
2A58000
|
unkown
|
page read and write
|
|
|
|
31B5000
|
heap default
|
page read and write
|
|
|
|
2C15000
|
unkown
|
page read and write
|
|
|
|
7FBB0000
|
unkown image
|
page readonly
|
|
|
|
214C66D1000
|
unkown
|
page read and write
|
|
|
|
2FD0000
|
unkown
|
page read and write
|
|
|
|
303D000
|
unkown
|
page read and write
|
|
|
|
3D30000
|
unkown image
|
page readonly
|
|
|
|
2316000
|
unkown image
|
page readonly
|
|
|
|
3DA1000
|
unkown
|
page read and write
|
|
|
|
2DEE000
|
unkown
|
page read and write
|
|
|
|
2445000
|
unkown image
|
page readonly
|
|
|
|
2A6D000
|
unkown
|
page read and write
|
|
|
|
7FF578C43000
|
unkown image
|
page readonly
|
|
|
|
230B000
|
unkown image
|
page readonly
|
|
|
|
2BDA000
|
heap default
|
page read and write
|
|
|
|
290E000
|
unkown image
|
page readonly
|
|
|
|
7FF12000
|
unkown image
|
page readonly
|
|
|
|
214C0E8D000
|
unkown
|
page read and write
|
|
|
|
1EDC2981000
|
unkown
|
page read and write
|
|
|
|
9C0000
|
unkown image
|
page readonly
|
|
|
|
2948000
|
unkown image
|
page readonly
|
|
|
|
BDE000
|
stack
|
page read and write
|
|
|
|
290E000
|
unkown image
|
page readonly
|
|
|
|
539E000
|
stack
|
page read and write
|
|
|
|
2DC3000
|
unkown
|
page read and write
|
|
|
|
FF3C0000
|
unkown image
|
page readonly
|
|
|
|
7C734FE000
|
stack
|
page read and write
|
|
|
|
321B000
|
heap default
|
page read and write
|
|
|
|
7FE00000
|
unkown image
|
page readonly
|
|
|
|
214C6310000
|
unkown
|
page read and write
|
|
|
|
232E000
|
unkown image
|
page readonly
|
|
|
|
4E7E000
|
stack
|
page read and write
|
|
|
|
2DB0000
|
unkown image
|
page readonly
|
|
|
|
7FF578D15000
|
unkown image
|
page readonly
|
|
|
|
214C66D1000
|
unkown
|
page read and write
|
|
|
|
B8A000
|
unkown
|
page read and write
|
|
|
|
2BF4000
|
heap default
|
page read and write
|
|
|
|
1EDC2910000
|
unkown
|
page read and write
|
|
|
|
294B000
|
unkown image
|
page readonly
|
|
|
|
214C1E30000
|
unkown image
|
page readonly
|
|
|
|
214C1E50000
|
unkown image
|
page readonly
|
|
|
|
2827000
|
unkown image
|
page readonly
|
|
|
|
7C728F7000
|
stack
|
page read and write
|
|
|
|
2912000
|
unkown image
|
page readonly
|
|
|
|
3BB0000
|
unkown image
|
page readonly
|
|
|
|
214C669C000
|
unkown
|
page read and write
|
|
|
|
214C1C40000
|
unkown image
|
page read and write
|
|
|
|
3014000
|
heap default
|
page read and write
|
|
|
|
2C50000
|
unkown image
|
page readonly
|
|
|
|
DD2000
|
unkown
|
page execute and read and write
|
|
|
|
2A18000
|
unkown image
|
page readonly
|
|
|
|
525E000
|
stack
|
page read and write
|
|
|
|
DDA000
|
unkown
|
page execute and read and write
|
|
|
|
214C0E9F000
|
unkown
|
page read and write
|
|
|
|
23B7000
|
unkown image
|
page readonly
|
|
|
|
768D000
|
stack
|
page read and write
|
|
|
|
7F300000
|
unkown image
|
page readonly
|
|
|
|
2360000
|
unkown image
|
page readonly
|
|
|
|
2C50000
|
unkown image
|
page readonly
|
|
|
|
3540000
|
heap private
|
page read and write
|
|
|
|
3130000
|
heap default
|
page read and write
|
|
|
|
7FF578D0E000
|
unkown image
|
page readonly
|
|
|
|
20AF000
|
unkown image
|
page readonly
|
|
|
|
7FF50EEC7000
|
unkown image
|
page readonly
|
|
|
|
5AD0000
|
unkown image
|
page readonly
|
|
|
|
7FF50EF27000
|
unkown image
|
page readonly
|
|
|
|
7C72B7A000
|
stack
|
page read and write
|
|
|
|
1EDC2B89000
|
heap private
|
page read and write
|
|
|
|
7FF578E86000
|
unkown image
|
page readonly
|
|
|
|
2BFD000
|
unkown
|
page read and write
|
|
|
|
31F7000
|
heap private
|
page read and write
|
|
|
|
214C1E10000
|
unkown image
|
page readonly
|
|
|
|
27A0000
|
unkown image
|
page readonly
|
|
|
|
33B2000
|
unkown
|
page read and write
|
|
|
|
234D000
|
unkown image
|
page readonly
|
|
|
|
2AA0000
|
unkown
|
page read and write
|
|
|
|
12D0000
|
heap private
|
page read and write
|
|
|
|
2466000
|
unkown image
|
page readonly
|
|
|
|
7FB60000
|
unkown image
|
page readonly
|
|
|
|
214C1200000
|
unkown image
|
page readonly
|
|
|
|
7F2E2000
|
unkown image
|
page readonly
|
|
|
|
7FF578B3D000
|
unkown image
|
page readonly
|
|
|
|
7FA50000
|
unkown image
|
page readonly
|
|
|
|
5BC0000
|
unkown image
|
page readonly
|
|
|
|
FF3D0000
|
unkown image
|
page readonly
|
|
|
|
214C0D50000
|
unkown image
|
page readonly
|
|
|
|
F30000
|
heap default
|
page read and write
|
|
|
|
284E000
|
unkown image
|
page readonly
|
|
|
|
7FF578703000
|
unkown image
|
page readonly
|
|
|
|
C7D000
|
unkown image
|
page readonly
|
|
|
|
33A1000
|
unkown
|
page read and write
|
|
|
|
2A41000
|
unkown
|
page read and write
|
|
|
|
7F2F0000
|
unkown image
|
page readonly
|
|
|
|
7FF50ECFC000
|
unkown image
|
page readonly
|
|
|
|
2E87000
|
heap private
|
page read and write
|
|
|
|
2BC0000
|
unkown
|
page read and write
|
|
|
|
7FE10000
|
unkown image
|
page readonly
|
|
|
|
2328000
|
unkown image
|
page readonly
|
|
|
|
7DF582C40000
|
unkown image
|
page readonly
|
|
|
|
31A5000
|
heap default
|
page read and write
|
|
|
|
CB0000
|
heap default
|
page read and write
|
|
|
|
7FF578D70000
|
unkown image
|
page readonly
|
|
|
|
7FF50EEC9000
|
unkown image
|
page readonly
|
|
|
|
7F300000
|
unkown image
|
page readonly
|
|
|
|
22BD000
|
unkown image
|
page readonly
|
|
|
|
214C66A4000
|
unkown
|
page read and write
|
|
|
|
286A000
|
unkown image
|
page readonly
|
|
|
|
511D000
|
stack
|
page read and write
|
|
|
|
1EDC2B80000
|
heap private
|
page read and write
|
|
|
|
888000
|
unkown
|
page read and write
|
|
|
|
22F5000
|
unkown image
|
page readonly
|
|
|
|
7DF582C40000
|
unkown image
|
page readonly
|
|
|
|
FF3D0000
|
unkown image
|
page readonly
|
|
|
|
214C6630000
|
unkown
|
page read and write
|
|
|
|
3021000
|
unkown
|
page read and write
|
|
|
|
1EDC35B0000
|
unkown
|
page read and write
|
|
|
|
2271000
|
unkown image
|
page readonly
|
|
|
|
2162000
|
unkown image
|
page readonly
|
|
|
|
2DA1000
|
unkown
|
page read and write
|
|
|
|
A30000
|
unkown image
|
page readonly
|
|
|
|
7FF20000
|
unkown image
|
page readonly
|
|
|
|
214C6700000
|
unkown
|
page read and write
|
|
|
|
7FF578C37000
|
unkown image
|
page readonly
|
|
|
|
214C0E7B000
|
unkown
|
page read and write
|
|
|
|
A30000
|
unkown image
|
page readonly
|
|
|
|
7FF30000
|
unkown image
|
page readonly
|
|
|
|
1EDC2981000
|
unkown
|
page read and write
|
|
|
|
2932000
|
unkown image
|
page readonly
|
|
|
|
7FF578D91000
|
unkown image
|
page readonly
|
|
|
|
7FF12000
|
unkown image
|
page readonly
|
|
|
|
2A30000
|
unkown image
|
page readonly
|
|
|
|
2291000
|
unkown image
|
page readonly
|
|
|
|
277B000
|
unkown image
|
page readonly
|
|
|
|
2B70000
|
unkown image
|
page read and write
|
|
|
|
2DC0000
|
unkown image
|
page readonly
|
|
|
|
29E7000
|
heap private
|
page read and write
|
|
|
|
DEB000
|
unkown
|
page read and write
|
|
|
|
4B10000
|
heap private
|
page read and write
|
|
|
|
7FF578B6F000
|
unkown image
|
page readonly
|
|
|
|
1EDC2B90000
|
unkown
|
page read and write
|
|
|
|
7FF578E54000
|
unkown image
|
page readonly
|
|
|
|
7DF518D10000
|
unkown image
|
page readonly
|
|
|
|
7C730FF000
|
stack
|
page read and write
|
|
|
|
2FF0000
|
heap default
|
page read and write
|
|
|
|
564F000
|
stack
|
page read and write
|
|
|
|
29FE000
|
unkown
|
page read and write
|
|
|
|
1EDC28C0000
|
unkown image
|
page readonly
|
|
|
|
7F1E0000
|
unkown image
|
page readonly
|
|
|
|
7DF518D22000
|
unkown image
|
page readonly
|
|
|
|
214C1600000
|
unkown
|
page read and write
|
|
|
|
216D000
|
unkown image
|
page readonly
|
|
|
|
2A55000
|
unkown
|
page read and write
|
|
|
|
2482000
|
unkown image
|
page readonly
|
|
|
|
2DB2000
|
unkown
|
page read and write
|
|
|
|
7FF578630000
|
unkown image
|
page readonly
|
|
|
|
2BF1000
|
unkown
|
page read and write
|
|
|
|
214C1718000
|
unkown
|
page read and write
|
|
|
|
2742000
|
unkown image
|
page readonly
|
|
|
|
7FE02000
|
unkown image
|
page readonly
|
|
|
|
214C6430000
|
unkown
|
page read and write
|
|
|
|
249D000
|
unkown image
|
page readonly
|
|
|
|
283D000
|
unkown image
|
page readonly
|
|
|
|
1292000
|
unkown
|
page execute and read and write
|
|
|
|
2267000
|
unkown image
|
page readonly
|
|
|
|
8A3000
|
unkown image
|
page readonly
|
|
|
|
7890000
|
unkown
|
page read and write
|
|
|
|
2A2A000
|
heap default
|
page read and write
|
|
|
|
1EDC28C0000
|
unkown image
|
page readonly
|
|
|
|
29D8000
|
unkown image
|
page readonly
|
|
|
|
2EE0000
|
unkown image
|
page readonly
|
|
|
|
7FF10000
|
unkown image
|
page readonly
|
|
|
|
214C6600000
|
unkown
|
page read and write
|
|
|
|
2875000
|
unkown image
|
page readonly
|
|
|
|
303D000
|
unkown
|
page read and write
|
|
|
|
2890000
|
heap private
|
page read and write
|
|
|
|
FF3C2000
|
unkown image
|
page readonly
|
|
|
|
23DD000
|
unkown image
|
page readonly
|
|
|
|
FF3C2000
|
unkown image
|
page readonly
|
|
|
|
2DB0000
|
unkown image
|
page readonly
|
|
|
|
1EDC297A000
|
unkown
|
page read and write
|
|
|
|
7FF50EEB6000
|
unkown image
|
page readonly
|
|
|
|
2DAB000
|
unkown
|
page read and write
|
|
|
|
7F2F0000
|
unkown image
|
page readonly
|
|
|
|
7FF578C67000
|
unkown image
|
page readonly
|
|
|
|
7F2F0000
|
unkown image
|
page readonly
|
|
|
|
DE0000
|
unkown
|
page read and write
|
|
|
|
7FF578B82000
|
unkown image
|
page readonly
|
|
|
|
780F000
|
stack
|
page read and write
|
|
|
|
29C0000
|
unkown
|
page read and write
|
|
|
|
7FF22000
|
unkown image
|
page readonly
|
|
|
|
7FF578D67000
|
unkown image
|
page readonly
|
|
|
|
2478000
|
unkown image
|
page readonly
|
|
|
|
2A51000
|
unkown
|
page read and write
|
|
|
|
2A4D000
|
unkown
|
page read and write
|
|
|
|
7DF582C50000
|
unkown image
|
page readonly
|
|
|
|
4B14000
|
heap private
|
page read and write
|
|
|
|
214C1759000
|
unkown
|
page read and write
|
|
|
|
7F2E0000
|
unkown image
|
page readonly
|
|
|
|
214C62F0000
|
unkown
|
page read and write
|
|
|
|
214C6652000
|
unkown
|
page read and write
|
|
|
|
2BF9000
|
unkown
|
page read and write
|
|
|
|
DE2000
|
unkown
|
page execute and read and write
|
|
|
|
4FB0000
|
unkown
|
page read and write
|
|
|
|
7DF480B00000
|
unkown image
|
page readonly
|
|
|
|
31F0000
|
heap private
|
page read and write
|
|
|
|
770E000
|
stack
|
page read and write
|
|
|
|
286D000
|
unkown image
|
page readonly
|
|
|
|
FF3B0000
|
unkown image
|
page readonly
|
|
|
|
784E000
|
stack
|
page read and write
|
|
|
|
26C4000
|
unkown
|
page read and write
|
|
|
|
214C1000000
|
unkown image
|
page readonly
|
|
|
|
1EDC2B70000
|
unkown
|
page read and write
|
|
|
|
2BF9000
|
unkown
|
page read and write
|
|
|
|
7FE10000
|
unkown image
|
page readonly
|
|
|
|
1EDC3870000
|
unkown
|
page read and write
|
|
|
|
2448000
|
unkown image
|
page readonly
|
|
|
|
2850000
|
unkown image
|
page readonly
|
|
|
|
2908000
|
unkown image
|
page readonly
|
|
|
|
7FF578D64000
|
unkown image
|
page readonly
|
|
|
|
214C6430000
|
unkown
|
page read and write
|
|
|
|
39B0000
|
unkown image
|
page readonly
|
|
|
|
7C724CC000
|
unkown
|
page read and write
|
|
|
|
FF3C2000
|
unkown image
|
page readonly
|
|
|
|
860000
|
unkown image
|
page readonly
|
|
|
|
7FF50EB44000
|
unkown image
|
page readonly
|
|
|
|
23E1000
|
unkown image
|
page readonly
|
|
|
|
7FB50000
|
unkown image
|
page readonly
|
|
|
|
9D0000
|
unkown image
|
page readonly
|
|
|
|
22DD000
|
unkown image
|
page readonly
|
|
|
|
4FA0000
|
unkown
|
page execute and read and write
|
|
|
|
7FF578672000
|
unkown image
|
page readonly
|
|
|
|
7FF578DDD000
|
unkown image
|
page readonly
|
|
|
|
214C0D80000
|
unkown image
|
page read and write
|
|
|
|
7FB60000
|
unkown image
|
page readonly
|
|
|
|
2A44000
|
heap default
|
page read and write
|
|
|
|
287B000
|
unkown image
|
page readonly
|
|
|
|
2A18000
|
unkown image
|
page readonly
|
|
|
|
77CE000
|
stack
|
page read and write
|
|
|
|
7FF50EB3F000
|
unkown image
|
page readonly
|
|
|
|
214C0E79000
|
unkown
|
page read and write
|
|
|
|
7FF578C3F000
|
unkown image
|
page readonly
|
|
|
|
BE0000
|
unkown
|
page read and write
|
|
|
|
2C01000
|
unkown
|
page read and write
|
|
|
|
2D75F9000
|
stack
|
page read and write
|
|
|
|
2A4D000
|
unkown
|
page read and write
|
|
|
|
7FF578DBA000
|
unkown image
|
page readonly
|
|
|
|
2A51000
|
unkown
|
page read and write
|
|
|
|
301E000
|
unkown
|
page read and write
|
|
|
|
2DDA000
|
unkown
|
page read and write
|
|
|
|
2DEA000
|
unkown
|
page read and write
|
|
|
|
774F000
|
stack
|
page read and write
|
|
|
|
7C7E000
|
stack
|
page read and write
|
|
|
|
2871000
|
unkown image
|
page readonly
|
|
|
|
2A10000
|
unkown image
|
page readonly
|
|
|
|
1EDC35A0000
|
unkown
|
page read and write
|
|
|
|
DC0000
|
unkown
|
page read and write
|
|
|
|
22F8000
|
unkown image
|
page readonly
|
|
|
|
7FF578C53000
|
unkown image
|
page readonly
|
|
|
|
25FA000
|
unkown
|
page read and write
|
|
|
|
214C0EFD000
|
unkown
|
page read and write
|
|
|
|
2F7B000
|
unkown
|
page read and write
|
|
|
|
2D76F9000
|
stack
|
page read and write
|
|
|
|
7FF50EEBD000
|
unkown image
|
page readonly
|
|
|
|
2344000
|
unkown image
|
page readonly
|
|
|
|
FF3C0000
|
unkown image
|
page readonly
|
|
|
|
7F2F2000
|
unkown image
|
page readonly
|
|
|
|
2D71BE000
|
stack
|
page read and write
|
|
|
|
550F000
|
stack
|
page read and write
|
|
|
|
2921000
|
unkown image
|
page readonly
|
|
There are 839 hidden memdumps, click here to show them.