Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\AppData\Local\Temp\xpo14wsl.qhu\favor-2069844189.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Name of Creating Application:
Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Thu Nov 25 06:57:13 2021, Security: 0
|
dropped
|
 |
|
|
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
|
data
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\15560d25-fc6a-4aa1-b344-e09f68ba8ad6.tmp
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\27b3965a-3552-469a-821b-1b87c64156ed.tmp
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\456a7a1d-3478-49c6-af46-adb16e617012.tmp
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\58703dc9-34ba-479a-af35-e318a07d4a40.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\94d55c88-dcc0-4d24-b9ac-4dca9b9bb8b3.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\000001.dbtmp
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\000002.dbtmp
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\000003.log
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\014693f9-80db-4780-9239-4ff94641cca5.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\03d76ab9-d05d-45c9-9000-526126ee2fd6.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2f024a0a-67ea-43ed-8d91-70c5d96a6879.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\3225bfcf-e9ed-4f5d-9c52-049aa16a8790.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\411c239e-12d2-4acd-a948-f9abc9d51b40.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\81a9ac02-601b-435d-be4d-21e0784ce8f2.tmp
|
ASCII text, with very long lines, with no line terminators
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.oldNT (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CURRENT (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
|
SQLite 3.x database, last written using SQLite version 3032001
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old. (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG.old. (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
|
SQLite 3.x database, last written using SQLite version 3032001
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Session (copy)
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Tabse (copy)
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.olde (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\MANIFEST-000001
|
PGP\011Secret Key -
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\MANIFEST-000002
|
MPEG-4 LOAS
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent StateMP (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences* (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences\ (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.. (copy)
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.t (copy)
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferenceson (copy)
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG.old
(copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent
State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG.old
(copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG.old
(copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\d07f6d12-c956-435a-889c-062e1247057e.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\602605cd-a010-447a-97a4-267db34edb97.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG.old
(copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent
State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG.old
(copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG.olde/
(copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Visited Links
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\aa23e448-a6a9-44ab-bcd4-9485709dd1c8.tmp
|
very short file (no magic)
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\bc84738c-cb1d-451c-8954-1971434c3a71.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004
|
MPEG-4 LOAS
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\eb61acc6-0a83-4200-9689-2066e6f2ca5b.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\fb25dee3-f988-45bd-8311-ef87520558d1.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local Statead (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info CacheMP (copy)
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info CacheT (copy)
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\c2be15bf-007e-4519-84d9-a43fbd4f5596.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\d700c138-7021-4006-9203-f3db014a332c.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\dd63e75d-82d4-49ee-a6b6-dc1916ee5209.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\e6107dbd-e7fc-4417-ad88-9c67d114dfd2.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\B23596F2-1A24-42C3-9DF5-B0AF7F1FF3FC
|
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\6748_871611095\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\6748_871611095\_platform_specific\x86_64\pnacl_public_pnacl_json
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\6748_871611095\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o
|
ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\6748_871611095\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o
|
ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\6748_871611095\_platform_specific\x86_64\pnacl_public_x86_64_crtend_o
|
ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\6748_871611095\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe
|
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=7511538a3a6a0b862c772eace49075ed1bbe2377,
stripped
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\6748_871611095\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_a
|
current ar archive
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\6748_871611095\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a
|
current ar archive
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\6748_871611095\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a
|
current ar archive
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\6748_871611095\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a
|
current ar archive
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\6748_871611095\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe
|
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=309d6d3d463e6b1b0690f39eb226b1e4c469b2ce,
stripped
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\6748_871611095\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe
|
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=4b15de4ab227d5e46213978b8518d53c53ce1db9,
stripped
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\6748_871611095\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\6748_871611095\manifest.json
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\69619f8c-7a11-4e6a-812b-f7d60150bc5e.tmp
|
very short file (no magic)
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\797d361b-6ef9-4836-be19-826cc2a322ae.tmp
|
Google Chrome extension, version 3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\8be7b269-f603-41e6-b4ce-f049d9c78bf5.tmp
|
Google Chrome extension, version 3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\95c62f86-3059-4035-9c9d-32bfd72bddb5.tmp
|
very short file (no magic)
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\browser-sslkeys.log
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\gysmmmmr.30h\unarchiver.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\8be7b269-f603-41e6-b4ce-f049d9c78bf5.tmp
|
Google Chrome extension, version 3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\bg\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\ca\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\cs\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\da\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\de\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\el\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\en\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\en_GB\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\es\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\es_419\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\et\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\fi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\fil\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\fr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\hi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\hr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\hu\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\id\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\it\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\ja\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\ko\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\lt\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\lv\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\nb\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\nl\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\pl\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\pt_BR\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\pt_PT\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\ro\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\ru\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\sk\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\sl\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\sr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\sv\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\th\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\tr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\uk\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\vi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\zh_CN\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_locales\zh_TW\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\craw_background.js
|
ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\craw_window.js
|
ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\css\craw_window.css
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\html\craw_window.html
|
HTML document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\images\flapper.gif
|
GIF image data, version 89a, 30 x 30
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\images\icon_128.png
|
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\images\icon_16.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\images\topbar_floating_button.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\images\topbar_floating_button_close.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\images\topbar_floating_button_hover.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\images\topbar_floating_button_maximize.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\images\topbar_floating_button_pressed.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_29293294\CRX_INSTALL\manifest.json
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\797d361b-6ef9-4836-be19-826cc2a322ae.tmp
|
Google Chrome extension, version 3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\am\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\ar\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\bg\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\bn\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\ca\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\cs\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\da\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\de\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\el\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\en\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\es\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\et\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\fa\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\fi\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\fil\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\fr\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\gu\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\hi\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\hr\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\hu\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\id\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\it\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\iw\messages.json
|
HTML document, ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\ja\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\kn\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\ko\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\lt\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\lv\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\ml\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\mr\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\ms\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\nb\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\nl\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\pl\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\pt\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\ro\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\ru\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\sk\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\sl\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\sr\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\sv\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\sw\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\ta\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\te\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\th\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\tr\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\uk\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\vi\messages.json
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\zh\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_locales\zh_TW\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\angular.js
|
ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\background_script.js
|
ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\cast_sender.js
|
ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\common.js
|
ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\feedback.css
|
ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\feedback.html
|
HTML document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\feedback_script.js
|
ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\manifest.json
|
ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\material_css_min.css
|
ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\mirroring_cast_streaming.js
|
ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\mirroring_common.js
|
ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\mirroring_hangouts.js
|
ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir6748_971149528\CRX_INSTALL\mirroring_webrtc.js
|
ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFCA18082A0C52441F.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\Downloads\65ca3dba-69e5-4519-98f6-2f6d47103d30.tmp
|
Zip archive data, at least v2.0 to extract
|
dropped
|
|
|
|
C:\Users\user\Downloads\rerumvel-6647201.zip.crdownloadg (copy)
|
Zip archive data, at least v2.0 to extract
|
dropped
|
|
|
|
C:\Users\user\Downloads\rerumvel-6647201.zip:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
There are 253 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
"C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /dde
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
"C:\Windows\System32\regsvr32.exe" C:\Datop\besta.ocx
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
"C:\Windows\System32\regsvr32.exe" C:\Datop\bestb.ocx
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
"C:\Windows\System32\regsvr32.exe" C:\Datop\bestc.ocx
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "http://www.artforlife.lozhkin.foundation/asperioresab/rerumvel-6647201
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1604,14176787574664726196,1403337882875848993,131072
--lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1912 /prefetch:8
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1604,14176787574664726196,1403337882875848993,131072
--lang=en-US --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=4640 /prefetch:8
|
|
|
|
C:\Windows\SysWOW64\unarchiver.exe
|
C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\rerumvel-6647201.zip
|
|
|
|
C:\Windows\SysWOW64\7za.exe
|
C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\xpo14wsl.qhu" "C:\Users\user\Downloads\rerumvel-6647201.zip
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe" /C "C:\Users\user\AppData\Local\Temp\xpo14wsl.qhu\favor-2069844189.xls
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
There are 2 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.artforlife.lozhkin.foundation/asperioresab/rerumvel-6647201
|
|
||
|
https://microtechzambia.com/utGI12nl/yh.html
|
142.4.29.152
|
|
|
|
https://apis.google.com/js/client.js
|
unknown
|
|
|
|
https://www.google.com/images/cleardot.gif
|
unknown
|
|
|
|
https://play.google.com
|
unknown
|
|
|
|
https://crash.corp.google.com/samples?reportid=&q=
|
unknown
|
|
|
|
https://www.google.com/log?format=json&hasfast=true
|
unknown
|
|
|
|
https://sandbox.google.com/payments/v4/js/integrator.js
|
unknown
|
|
|
|
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
|
unknown
|
|
|
|
https://accounts.google.com/MergeSession
|
unknown
|
|
|
|
https://preprod-hangouts-googleapis.sandbox.google.com
|
unknown
|
|
|
|
https://clients2.googleusercontent.com/crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx
|
142.250.203.97
|
|
|
|
http://www.artforlife.lozhkin.foundation/asperioresab/rerumvel-66472012:
|
unknown
|
|
|
|
https://www.google.com
|
unknown
|
|
|
|
http://www.artforlife.lozhkin.foundation/asperioresab/rerumvel-6647201/07
|
unknown
|
|
|
|
https://hangouts.clients6.google.com
|
unknown
|
|
|
|
https://meet.google.com
|
unknown
|
|
|
|
https://hangouts.google.com/hangouts/_/logpref
|
unknown
|
|
|
|
https://accounts.google.com
|
unknown
|
|
|
|
https://clients2.google.com/cr/report
|
unknown
|
|
|
|
http://angularjs.org
|
unknown
|
|
|
|
http://www.artforlife.lozhkin.foundation/asperioresab/contemporary-236025701.zipK
|
unknown
|
|
|
|
https://creativecommons.org/publicdomain/zero/1.0/.
|
unknown
|
|
|
|
https://github.com/angular/material
|
unknown
|
|
|
|
https://apis.google.com
|
unknown
|
|
|
|
https://www.google.com/accounts/OAuthLogin?issueuberauth=1
|
unknown
|
|
|
|
https://github.com/madler/zlib/blob/master/zlib.h
|
unknown
|
|
|
|
https://www-googleapis-staging.sandbox.google.com
|
unknown
|
|
|
|
http://www.artforlife.lozhkin.foundation/asperioresab/contemporary-236025701.zipL
|
unknown
|
|
|
|
https://clients2.google.com
|
unknown
|
|
|
|
https://magnascakes.com.br/aQ6mO5EsFPz/yh.html
|
108.179.253.213
|
|
|
|
https://www.google.com/tools/feedback
|
unknown
|
|
|
|
http://www.artforlife.lozhkin.foundation/asperioresab/rerumvel-6647201
|
31.131.22.224
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
|
|
|
http://www.artforlife.lozhkin.foundation/asperioresab/rerumvel-66472018
|
unknown
|
|
|
|
https://dns.google
|
unknown
|
|
|
|
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
|
unknown
|
|
|
|
https://www.google.com/intl/en-US/chrome/blank.html
|
unknown
|
|
|
|
https://ogs.google.com
|
unknown
|
|
|
|
https://support.google.com/chromecast/troubleshooter/2995236
|
unknown
|
|
|
|
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions
|
unknown
|
|
|
|
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
|
142.250.203.110
|
|
|
|
http://www.artforlife.lozhkin.foundation/asperioresab/rerumvel-66472012
|
unknown
|
|
|
|
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
|
172.217.168.45
|
|
|
|
http://www.artforlife.lozhkin.foundation/asperioresab/contemporary-236025701.zip
|
31.131.22.224
|
|
|
|
https://payments.google.com/payments/v4/js/integrator.js
|
unknown
|
|
|
|
https://www.google.com;
|
unknown
|
|
|
|
https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
|
unknown
|
|
|
|
https://hangouts.google.com/
|
unknown
|
|
|
|
https://www.google.com/images/x2.gif
|
unknown
|
|
|
|
https://sherwinclothing.in/oqxIAZfo56z/yh.html
|
103.53.42.241
|
|
|
|
http://llvm.org/):
|
unknown
|
|
|
|
https://www.google.com/images/dot2.gif
|
unknown
|
|
|
|
https://meetings.clients6.google.com
|
unknown
|
|
|
|
https://play.google.com/log?format=json&hasfast=true
|
unknown
|
|
|
|
https://code.google.com/p/nativeclient/issues/entry%s:
|
unknown
|
|
|
|
http://tools.ietf.org/html/rfc1950
|
unknown
|
|
|
|
http://www.artforlife.lozhkin.foundation/asperioresab/rerumvel-6647201http://www.artforlife.lozhkin.
|
unknown
|
|
|
|
https://code.google.com/p/nativeclient/issues/entry
|
unknown
|
|
|
|
https://support.google.com/chromecast/answer/2998456
|
unknown
|
|
|
|
https://clients2.googleusercontent.com
|
unknown
|
|
|
|
https://docs.google.com
|
unknown
|
|
|
|
https://www.google.com/
|
unknown
|
|
|
|
https://feedback.googleusercontent.com
|
unknown
|
|
|
|
https://chromium.googlesource.com/a/native_client/pnacl-clang.git
|
unknown
|
|
|
|
https://clients2.google.com/service/update2/crx
|
unknown
|
|
|
|
https://clients6.google.com
|
unknown
|
|
There are 56 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
microtechzambia.com
|
142.4.29.152
|
|
|
|
accounts.google.com
|
172.217.168.45
|
|
|
|
magnascakes.com.br
|
108.179.253.213
|
|
|
|
www.artforlife.lozhkin.foundation
|
31.131.22.224
|
|
|
|
sherwinclothing.in
|
103.53.42.241
|
|
|
|
clients.l.google.com
|
142.250.203.110
|
|
|
|
googlehosted.l.googleusercontent.com
|
142.250.203.97
|
|
|
|
clients2.googleusercontent.com
|
unknown
|
|
|
|
clients2.google.com
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.1
|
unknown
|
unknown
|
|
|
|
103.53.42.241
|
sherwinclothing.in
|
India
|
|
|
|
142.250.203.110
|
clients.l.google.com
|
United States
|
|
|
|
172.217.168.45
|
accounts.google.com
|
United States
|
|
|
|
31.131.22.224
|
www.artforlife.lozhkin.foundation
|
Ukraine
|
|
|
|
108.179.253.213
|
magnascakes.com.br
|
United States
|
|
|
|
142.250.203.97
|
googlehosted.l.googleusercontent.com
|
United States
|
|
|
|
239.255.255.250
|
unknown
|
Reserved
|
|
|
|
127.0.0.1
|
unknown
|
unknown
|
|
|
|
142.4.29.152
|
microtechzambia.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-3853321935-2125563209-4053062332-1002
|
|
|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
|
|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\SysWOW64\unarchiver.exe.FriendlyAppName
|
|
|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\SysWOW64\unarchiver.exe.ApplicationCompany
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
ahfgeienlihckogmohjhadlkjgocpleb
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mfehgcgbbipciphmccgaenjidiccnmng
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mhjfbmdgcfjbbpaeojofohoefgiehjai
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
pkedcjkdefgpdelpbcmbmeomcjbeemfm
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
dr
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.reporting
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
module_blacklist_cache_md5_digest
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
media.storage_id_salt
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_account_id
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.account_id
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_seed
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_homepage
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
default_search_provider_data.template_url_data
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
safebrowsing.incidents_sent
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
pinned_tabs
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
search_provider_overrides
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_default_search
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_username
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.startup_urls
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.restore_on_startup
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_version
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_startup_urls
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.prompt_wave
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage_is_newtabpage
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
browser.show_home_button
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
|
|
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
lastrun
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
|
{2781761E-28E0-4109-99FE-B9D127C57AFE} {56FFCC30-D398-11D0-B2AE-00A0C908FA49} 0xFFFF
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
|
Implementing
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
|
{97E467B4-98C6-4F19-9588-161B7773D6F6} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\Excel\system
|
ProcessName
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\Excel\system
|
WindowName
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\Excel\system
|
WindowClassName
|
|
|
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\f0\52C64B7E
|
@C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\oregres.dll,-206
|
|
|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE.FriendlyAppName
|
|
|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE.ApplicationCompany
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
c-<
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
d-<
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
RemoteClearDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3
|
Last
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
>3<
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\28B3F
|
28B3F
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\28CA7
|
28CA7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
FilePath
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
StartDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
EndDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Properties
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Url
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
LastClean
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableWinHttpCertAuth
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableIsOwnerRegex
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableSessionAwareHttpClose
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALForExtendedApps
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALSetSilentAuth
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableGuestCredProvider
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableOstringReplace
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109E60090400000000000F01FEC\Usage
|
ProductNonBootFilesIntl_1033
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastSyncTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastWriteTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\28B3F
|
28B3F
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog
|
CacheReady
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog
|
LastRequest
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog
|
CacheReady
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog
|
LastUpdate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog
|
NextUpdate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109E60090400000000000F01FEC\Usage
|
ProductNonBootFilesIntl_1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
|
There are 86 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FF50C3D4000
|
unkown image
|
page readonly
|
|
|
|
27182B8E000
|
unkown
|
page read and write
|
|
|
|
2B31000
|
unkown image
|
page readonly
|
|
|
|
2ADF000
|
unkown image
|
page readonly
|
|
|
|
27182B82000
|
unkown
|
page read and write
|
|
|
|
7FF55A63E000
|
unkown image
|
page readonly
|
|
|
|
D57107B000
|
stack
|
page read and write
|
|
|
|
263F5055000
|
unkown
|
page read and write
|
|
|
|
27182070000
|
heap default
|
page read and write
|
|
|
|
263F5100000
|
unkown
|
page read and write
|
|
|
|
14C0000
|
unkown image
|
page readonly
|
|
|
|
2718306A000
|
unkown
|
page read and write
|
|
|
|
7FF5C8361000
|
unkown image
|
page readonly
|
|
|
|
27182B79000
|
unkown
|
page read and write
|
|
|
|
FFD60000
|
unkown image
|
page readonly
|
|
|
|
271822E6000
|
unkown
|
page read and write
|
|
|
|
7F490000
|
unkown image
|
page readonly
|
|
|
|
7FEB2000
|
unkown image
|
page readonly
|
|
|
|
2718223C000
|
unkown
|
page read and write
|
|
|
|
27182B7D000
|
unkown
|
page read and write
|
|
|
|
7FF575F0E000
|
unkown image
|
page readonly
|
|
|
|
4E90000
|
unkown image
|
page readonly
|
|
|
|
7DF421CD0000
|
unkown image
|
page readonly
|
|
|
|
2D50000
|
unkown image
|
page readonly
|
|
|
|
7FF5C8299000
|
unkown image
|
page readonly
|
|
|
|
2B13000
|
unkown image
|
page readonly
|
|
|
|
27183002000
|
unkown
|
page read and write
|
|
|
|
7FF50CDAB000
|
unkown image
|
page readonly
|
|
|
|
2B9B000
|
unkown image
|
page readonly
|
|
|
|
7FF5C81A7000
|
unkown image
|
page readonly
|
|
|
|
506E000
|
stack
|
page read and write
|
|
|
|
34D0000
|
unkown image
|
page readonly
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
7FF50CECF000
|
unkown image
|
page readonly
|
|
|
|
7FF575F07000
|
unkown image
|
page readonly
|
|
|
|
C40000
|
unkown
|
page read and write
|
|
|
|
FFD62000
|
unkown image
|
page readonly
|
|
|
|
2F0A000
|
heap default
|
page read and write
|
|
|
|
7FF50C3DA000
|
unkown image
|
page readonly
|
|
|
|
2A76000
|
unkown image
|
page readonly
|
|
|
|
7FF5C83EF000
|
unkown image
|
page readonly
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
2718306A000
|
unkown
|
page read and write
|
|
|
|
29E8D980000
|
unkown image
|
page read and write
|
|
|
|
27182B6E000
|
unkown
|
page read and write
|
|
|
|
27182B69000
|
unkown
|
page read and write
|
|
|
|
7DF583C50000
|
unkown image
|
page readonly
|
|
|
|
7FF515C81000
|
unkown image
|
page readonly
|
|
|
|
2EE8000
|
unkown
|
page read and write
|
|
|
|
271822AB000
|
unkown
|
page read and write
|
|
|
|
7FF50CED3000
|
unkown image
|
page readonly
|
|
|
|
7FF5C7FC7000
|
unkown image
|
page readonly
|
|
|
|
27182BAD000
|
unkown
|
page read and write
|
|
|
|
7FF5155BA000
|
unkown image
|
page readonly
|
|
|
|
27182B6E000
|
unkown
|
page read and write
|
|
|
|
B9D000
|
stack
|
page read and write
|
|
|
|
2B18000
|
unkown image
|
page readonly
|
|
|
|
2B07000
|
unkown image
|
page readonly
|
|
|
|
2B06000
|
unkown image
|
page readonly
|
|
|
|
2A0E000
|
unkown image
|
page readonly
|
|
|
|
7FF516179000
|
unkown image
|
page readonly
|
|
|
|
2A2C2980000
|
unkown image
|
page read and write
|
|
|
|
7FF5C823F000
|
unkown image
|
page readonly
|
|
|
|
2794D385000
|
unkown
|
page read and write
|
|
|
|
C50000
|
heap default
|
page read and write
|
|
|
|
271822B2000
|
unkown
|
page read and write
|
|
|
|
27182B1A000
|
unkown
|
page read and write
|
|
|
|
7DF4D4010000
|
unkown image
|
page readonly
|
|
|
|
7FF575FE1000
|
unkown image
|
page readonly
|
|
|
|
BF0000
|
unkown
|
page read and write
|
|
|
|
27182B79000
|
unkown
|
page read and write
|
|
|
|
27182BAD000
|
unkown
|
page read and write
|
|
|
|
BE0000
|
unkown image
|
page readonly
|
|
|
|
7DF5D6152000
|
unkown image
|
page readonly
|
|
|
|
29E8E202000
|
unkown
|
page read and write
|
|
|
|
2794D377000
|
heap default
|
page read and write
|
|
|
|
7FF5C82CB000
|
unkown image
|
page readonly
|
|
|
|
29E8D9A0000
|
unkown image
|
page readonly
|
|
|
|
341D000
|
unkown
|
page read and write
|
|
|
|
2F25000
|
unkown
|
page read and write
|
|
|
|
572F000
|
stack
|
page read and write
|
|
|
|
EC9887F000
|
stack
|
page read and write
|
|
|
|
3250000
|
unkown image
|
page readonly
|
|
|
|
7F562000
|
unkown image
|
page readonly
|
|
|
|
2F31000
|
unkown
|
page read and write
|
|
|
|
27182B6E000
|
unkown
|
page read and write
|
|
|
|
27182B9A000
|
unkown
|
page read and write
|
|
|
|
27182BA9000
|
unkown
|
page read and write
|
|
|
|
27182B6E000
|
unkown
|
page read and write
|
|
|
|
CE0000
|
unkown
|
page read and write
|
|
|
|
5D60000
|
unkown image
|
page readonly
|
|
|
|
1340000
|
unkown image
|
page readonly
|
|
|
|
27182B67000
|
unkown
|
page read and write
|
|
|
|
7FD50000
|
unkown image
|
page readonly
|
|
|
|
263F4EE0000
|
unkown image
|
page readonly
|
|
|
|
C2F477F000
|
stack
|
page read and write
|
|
|
|
BD0000
|
unkown image
|
page readonly
|
|
|
|
7DF568372000
|
unkown image
|
page readonly
|
|
|
|
2A2C2A5C000
|
unkown
|
page read and write
|
|
|
|
630000
|
unkown
|
page read and write
|
|
|
|
27183002000
|
unkown
|
page read and write
|
|
|
|
7FF559F4E000
|
unkown image
|
page readonly
|
|
|
|
7D0000
|
unkown image
|
page readonly
|
|
|
|
2A2C2B02000
|
unkown
|
page read and write
|
|
|
|
27182010000
|
heap private
|
page read and write
|
|
|
|
7FF575FD1000
|
unkown image
|
page readonly
|
|
|
|
2A1F000
|
unkown image
|
page readonly
|
|
|
|
29AC000
|
unkown image
|
page readonly
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
7FF5C83F3000
|
unkown image
|
page readonly
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
2AF1000
|
unkown image
|
page readonly
|
|
|
|
3C10000
|
unkown image
|
page readonly
|
|
|
|
2794D2C0000
|
unkown
|
page read and write
|
|
|
|
7FF50CE15000
|
unkown image
|
page readonly
|
|
|
|
2EF1000
|
unkown
|
page read and write
|
|
|
|
9F0000
|
unkown image
|
page read and write
|
|
|
|
7F490000
|
unkown image
|
page readonly
|
|
|
|
C2F447E000
|
stack
|
page read and write
|
|
|
|
2A36000
|
unkown image
|
page readonly
|
|
|
|
27182B79000
|
unkown
|
page read and write
|
|
|
|
7DF523E20000
|
unkown image
|
page readonly
|
|
|
|
EC988FF000
|
stack
|
page read and write
|
|
|
|
A10000
|
heap default
|
page read and write
|
|
|
|
27183002000
|
unkown
|
page read and write
|
|
|
|
7FF5C83A2000
|
unkown image
|
page readonly
|
|
|
|
7FF516097000
|
unkown image
|
page readonly
|
|
|
|
3210000
|
unkown image
|
page readonly
|
|
|
|
27182B7D000
|
unkown
|
page read and write
|
|
|
|
FB0000
|
unkown image
|
page readonly
|
|
|
|
C92000
|
unkown
|
page execute and read and write
|
|
|
|
29E8E150000
|
unkown
|
page read and write
|
|
|
|
2AF1000
|
unkown image
|
page readonly
|
|
|
|
2A2C3202000
|
unkown
|
page read and write
|
|
|
|
2DD0000
|
unkown image
|
page readonly
|
|
|
|
2718225A000
|
unkown
|
page read and write
|
|
|
|
2A2C2B00000
|
unkown
|
page read and write
|
|
|
|
2AFB000
|
unkown image
|
page readonly
|
|
|
|
C0F807C000
|
unkown
|
page read and write
|
|
|
|
7FF515FFB000
|
unkown image
|
page readonly
|
|
|
|
7FF50CEE7000
|
unkown image
|
page readonly
|
|
|
|
2B0C000
|
unkown image
|
page readonly
|
|
|
|
2A6D000
|
unkown image
|
page readonly
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
FFD60000
|
unkown image
|
page readonly
|
|
|
|
7F800000
|
unkown image
|
page readonly
|
|
|
|
2EC0000
|
unkown image
|
page readonly
|
|
|
|
C0F8477000
|
stack
|
page read and write
|
|
|
|
7FF575F57000
|
unkown image
|
page readonly
|
|
|
|
7F4A0000
|
unkown image
|
page readonly
|
|
|
|
27182B79000
|
unkown
|
page read and write
|
|
|
|
2A2C2ED0000
|
unkown image
|
page readonly
|
|
|
|
2A55000
|
unkown image
|
page readonly
|
|
|
|
C9E000
|
stack
|
page read and write
|
|
|
|
A3C000
|
unkown
|
page read and write
|
|
|
|
2E9E000
|
stack
|
page read and write
|
|
|
|
2794D320000
|
unkown image
|
page readonly
|
|
|
|
7F560000
|
unkown image
|
page readonly
|
|
|
|
271822E9000
|
unkown
|
page read and write
|
|
|
|
7FEB0000
|
unkown image
|
page readonly
|
|
|
|
2A76000
|
unkown image
|
page readonly
|
|
|
|
F25000
|
unkown image
|
page readonly
|
|
|
|
27182B81000
|
unkown
|
page read and write
|
|
|
|
7FF5C84B9000
|
unkown image
|
page readonly
|
|
|
|
7FF5C8245000
|
unkown image
|
page readonly
|
|
|
|
2A50000
|
unkown
|
page read and write
|
|
|
|
7FF5C7E5C000
|
unkown image
|
page readonly
|
|
|
|
B5A000
|
heap private
|
page read and write
|
|
|
|
27182B79000
|
unkown
|
page read and write
|
|
|
|
EC98AFA000
|
stack
|
page read and write
|
|
|
|
263F5069000
|
unkown
|
page read and write
|
|
|
|
B10000
|
unkown
|
page read and write
|
|
|
|
2A5B000
|
unkown image
|
page readonly
|
|
|
|
AD0000
|
unkown
|
page read and write
|
|
|
|
27182B6E000
|
unkown
|
page read and write
|
|
|
|
7DF51AC22000
|
unkown image
|
page readonly
|
|
|
|
7C80000
|
unkown
|
page read and write
|
|
|
|
7F560000
|
unkown image
|
page readonly
|
|
|
|
2D4A000
|
unkown
|
page read and write
|
|
|
|
7F3F0000
|
unkown
|
page execute and read and write
|
|
|
|
2DB0000
|
unkown image
|
page readonly
|
|
|
|
27182B6E000
|
unkown
|
page read and write
|
|
|
|
263F5082000
|
unkown
|
page read and write
|
|
|
|
7FF50CFBA000
|
unkown image
|
page readonly
|
|
|
|
2794D280000
|
unkown image
|
page readonly
|
|
|
|
27182B79000
|
unkown
|
page read and write
|
|
|
|
7FF5161A1000
|
unkown image
|
page readonly
|
|
|
|
7FEA0000
|
unkown image
|
page readonly
|
|
|
|
2B13000
|
unkown image
|
page readonly
|
|
|
|
3326000
|
heap private
|
page read and write
|
|
|
|
27183002000
|
unkown
|
page read and write
|
|
|
|
2F4D000
|
unkown
|
page read and write
|
|
|
|
263F508B000
|
unkown
|
page read and write
|
|
|
|
27182B6A000
|
unkown
|
page read and write
|
|
|
|
C0F877F000
|
stack
|
page read and write
|
|
|
|
2F31000
|
unkown
|
page read and write
|
|
|
|
D570DF7000
|
stack
|
page read and write
|
|
|
|
7FF5C83BE000
|
unkown image
|
page readonly
|
|
|
|
27182B9A000
|
unkown
|
page read and write
|
|
|
|
27182B79000
|
unkown
|
page read and write
|
|
|
|
7DF523E20000
|
unkown image
|
page readonly
|
|
|
|
7FF5C8457000
|
unkown image
|
page readonly
|
|
|
|
3240000
|
heap private
|
page read and write
|
|
|
|
2AE9000
|
unkown image
|
page readonly
|
|
|
|
7FF515FF5000
|
unkown image
|
page readonly
|
|
|
|
D40000
|
heap private
|
page read and write
|
|
|
|
D08000
|
heap default
|
page read and write
|
|
|
|
27182B8C000
|
unkown
|
page read and write
|
|
|
|
2718225B000
|
unkown
|
page read and write
|
|
|
|
27182B8C000
|
unkown
|
page read and write
|
|
|
|
7FF5C840E000
|
unkown image
|
page readonly
|
|
|
|
2A76000
|
unkown image
|
page readonly
|
|
|
|
A70000
|
unkown image
|
page readonly
|
|
|
|
303B000
|
unkown
|
page read and write
|
|
|
|
2A5B000
|
unkown image
|
page readonly
|
|
|
|
2A2C2A29000
|
unkown
|
page read and write
|
|
|
|
7FF55A633000
|
unkown image
|
page readonly
|
|
|
|
27182860000
|
unkown image
|
page write copy
|
|
|
|
27182B79000
|
unkown
|
page read and write
|
|
|
|
52FE000
|
stack
|
page read and write
|
|
|
|
7FF55A637000
|
unkown image
|
page readonly
|
|
|
|
27182B6F000
|
unkown
|
page read and write
|
|
|
|
4EC0000
|
unkown
|
page read and write
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
3390000
|
unkown
|
page read and write
|
|
|
|
2ADB000
|
unkown image
|
page readonly
|
|
|
|
7FF575F3E000
|
unkown image
|
page readonly
|
|
|
|
7FF5C8335000
|
unkown image
|
page readonly
|
|
|
|
7FEC0000
|
unkown image
|
page readonly
|
|
|
|
D0E000
|
stack
|
page read and write
|
|
|
|
3401000
|
unkown
|
page read and write
|
|
|
|
29E8DA4C000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown image
|
page readonly
|
|
|
|
7FF55A68D000
|
unkown image
|
page readonly
|
|
|
|
78EF000
|
stack
|
page read and write
|
|
|
|
2950000
|
unkown
|
page read and write
|
|
|
|
27182B79000
|
unkown
|
page read and write
|
|
|
|
271821E0000
|
unkown
|
page read and write
|
|
|
|
7F480000
|
unkown image
|
page readonly
|
|
|
|
27182B98000
|
unkown
|
page read and write
|
|
|
|
7FF5C8400000
|
unkown image
|
page readonly
|
|
|
|
2A2C2990000
|
heap private
|
page read and write
|
|
|
|
7F4A0000
|
unkown image
|
page readonly
|
|
|
|
27182B77000
|
unkown
|
page read and write
|
|
|
|
2AEB000
|
unkown image
|
page readonly
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
2F00000
|
heap default
|
page read and write
|
|
|
|
770000
|
unkown image
|
page readonly
|
|
|
|
C2F3F2E000
|
stack
|
page read and write
|
|
|
|
2ABB000
|
unkown image
|
page readonly
|
|
|
|
7F482000
|
unkown image
|
page readonly
|
|
|
|
FFD50000
|
unkown image
|
page readonly
|
|
|
|
2EE5000
|
unkown
|
page read and write
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
7FF575ED7000
|
unkown image
|
page readonly
|
|
|
|
7FF575FDA000
|
unkown image
|
page readonly
|
|
|
|
263F4EC0000
|
unkown image
|
page read and write
|
|
|
|
C9A000
|
unkown
|
page execute and read and write
|
|
|
|
3000000
|
unkown image
|
page readonly
|
|
|
|
7DF5D6150000
|
unkown image
|
page readonly
|
|
|
|
2A6D000
|
unkown image
|
page readonly
|
|
|
|
341D000
|
unkown
|
page read and write
|
|
|
|
263F5013000
|
unkown
|
page read and write
|
|
|
|
C0F857D000
|
stack
|
page read and write
|
|
|
|
7FF575DEF000
|
unkown image
|
page readonly
|
|
|
|
31A0000
|
unkown image
|
page readonly
|
|
|
|
7B0000
|
unkown image
|
page readonly
|
|
|
|
2A90000
|
unkown image
|
page readonly
|
|
|
|
2E4E000
|
stack
|
page read and write
|
|
|
|
8B4000
|
unkown
|
page read and write
|
|
|
|
7FF559F52000
|
unkown image
|
page readonly
|
|
|
|
7FF50CE41000
|
unkown image
|
page readonly
|
|
|
|
4A34000
|
heap private
|
page read and write
|
|
|
|
7FF5C8291000
|
unkown image
|
page readonly
|
|
|
|
2B7B000
|
unkown image
|
page readonly
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
298D000
|
unkown image
|
page readonly
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
2B1F000
|
unkown image
|
page readonly
|
|
|
|
27182B98000
|
unkown
|
page read and write
|
|
|
|
27182B6C000
|
unkown
|
page read and write
|
|
|
|
263F5802000
|
unkown
|
page read and write
|
|
|
|
7FF5160A9000
|
unkown image
|
page readonly
|
|
|
|
2FA4000
|
unkown
|
page read and write
|
|
|
|
2BB2000
|
unkown image
|
page readonly
|
|
|
|
7FF5C84C4000
|
unkown image
|
page readonly
|
|
|
|
31C0000
|
heap private
|
page read and write
|
|
|
|
7B9F000
|
stack
|
page read and write
|
|
|
|
2F04000
|
unkown
|
page read and write
|
|
|
|
263F5002000
|
unkown
|
page read and write
|
|
|
|
C0F837B000
|
stack
|
page read and write
|
|
|
|
27182B7A000
|
unkown
|
page read and write
|
|
|
|
27182271000
|
unkown
|
page read and write
|
|
|
|
BA0000
|
heap default
|
page read and write
|
|
|
|
7FF50CAA1000
|
unkown image
|
page readonly
|
|
|
|
27182040000
|
unkown image
|
page readonly
|
|
|
|
27182BBD000
|
unkown
|
page read and write
|
|
|
|
27182B84000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
unkown image
|
page readonly
|
|
|
|
542F000
|
stack
|
page read and write
|
|
|
|
7F7F2000
|
unkown image
|
page readonly
|
|
|
|
27182150000
|
unkown image
|
page readonly
|
|
|
|
27182250000
|
unkown
|
page read and write
|
|
|
|
27182B79000
|
unkown
|
page read and write
|
|
|
|
113F000
|
stack
|
page read and write
|
|
|
|
2794D630000
|
heap private
|
page read and write
|
|
|
|
7FF516184000
|
unkown image
|
page readonly
|
|
|
|
7FF5C845D000
|
unkown image
|
page readonly
|
|
|
|
3CF1000
|
unkown
|
page read and write
|
|
|
|
7F380000
|
unkown image
|
page readonly
|
|
|
|
2794D260000
|
unkown image
|
page read and write
|
|
|
|
2A2C29A0000
|
unkown image
|
page readonly
|
|
|
|
7FF575D91000
|
unkown image
|
page readonly
|
|
|
|
29E8D9D0000
|
unkown image
|
page readonly
|
|
|
|
AF0000
|
unkown image
|
page readonly
|
|
|
|
7FF575F00000
|
unkown image
|
page readonly
|
|
|
|
7DF523E02000
|
unkown image
|
page readonly
|
|
|
|
7FF5C833B000
|
unkown image
|
page readonly
|
|
|
|
FFF000
|
stack
|
page read and write
|
|
|
|
2717000
|
unkown image
|
page readonly
|
|
|
|
3211000
|
unkown
|
page read and write
|
|
|
|
2B7F000
|
unkown image
|
page readonly
|
|
|
|
7DF5D6152000
|
unkown image
|
page readonly
|
|
|
|
7F550000
|
unkown image
|
page readonly
|
|
|
|
2A49000
|
unkown image
|
page readonly
|
|
|
|
27182B9A000
|
unkown
|
page read and write
|
|
|
|
31D0000
|
unkown
|
page read and write
|
|
|
|
2AB2000
|
unkown image
|
page readonly
|
|
|
|
7FF5C7D1E000
|
unkown image
|
page readonly
|
|
|
|
BE0000
|
unkown image
|
page readonly
|
|
|
|
2940000
|
heap private
|
page read and write
|
|
|
|
2A2C29D0000
|
unkown image
|
page readonly
|
|
|
|
7FF575FE1000
|
unkown image
|
page readonly
|
|
|
|
800000
|
unkown image
|
page readonly
|
|
|
|
3370000
|
heap private
|
page read and write
|
|
|
|
A70000
|
unkown image
|
page readonly
|
|
|
|
27182B9C000
|
unkown
|
page read and write
|
|
|
|
79D0000
|
unkown
|
page read and write
|
|
|
|
7FF5C84E1000
|
unkown image
|
page readonly
|
|
|
|
4EA0000
|
unkown
|
page read and write
|
|
|
|
A60000
|
unkown image
|
page readonly
|
|
|
|
7F0000
|
unkown
|
page read and write
|
|
|
|
CC0000
|
unkown image
|
page readonly
|
|
|
|
960000
|
unkown image
|
page readonly
|
|
|
|
2AE4000
|
unkown image
|
page readonly
|
|
|
|
2B30000
|
unkown image
|
page readonly
|
|
|
|
27182B81000
|
unkown
|
page read and write
|
|
|
|
2718224A000
|
unkown
|
page read and write
|
|
|
|
2AFF000
|
unkown image
|
page readonly
|
|
|
|
2AF5000
|
unkown image
|
page readonly
|
|
|
|
263F52D0000
|
unkown image
|
page readonly
|
|
|
|
7FF50CE45000
|
unkown image
|
page readonly
|
|
|
|
7FF50CECD000
|
unkown image
|
page readonly
|
|
|
|
7DF51AC40000
|
unkown image
|
page readonly
|
|
|
|
27182B82000
|
unkown
|
page read and write
|
|
|
|
7FF575FC4000
|
unkown image
|
page readonly
|
|
|
|
2D38000
|
unkown
|
page read and write
|
|
|
|
27182B6D000
|
unkown
|
page read and write
|
|
|
|
7FF516021000
|
unkown image
|
page readonly
|
|
|
|
7FF51619A000
|
unkown image
|
page readonly
|
|
|
|
7FF575DAD000
|
unkown image
|
page readonly
|
|
|
|
27182B54000
|
unkown
|
page read and write
|
|
|
|
78AE000
|
stack
|
page read and write
|
|
|
|
7FF50CEB7000
|
unkown image
|
page readonly
|
|
|
|
7FF50CDCF000
|
unkown image
|
page readonly
|
|
|
|
2CF1000
|
unkown
|
page read and write
|
|
|
|
29E8DB02000
|
unkown
|
page read and write
|
|
|
|
C0F80FF000
|
stack
|
page read and write
|
|
|
|
7F7F2000
|
unkown image
|
page readonly
|
|
|
|
27182213000
|
unkown
|
page read and write
|
|
|
|
786F000
|
stack
|
page read and write
|
|
|
|
2F0D000
|
unkown
|
page read and write
|
|
|
|
3890000
|
unkown image
|
page readonly
|
|
|
|
2A1F000
|
unkown image
|
page readonly
|
|
|
|
7FF50CF0B000
|
unkown image
|
page readonly
|
|
|
|
FFD52000
|
unkown image
|
page readonly
|
|
|
|
2A2C3150000
|
unkown
|
page read and write
|
|
|
|
2EF1000
|
unkown
|
page read and write
|
|
|
|
29E8D9A0000
|
unkown image
|
page readonly
|
|
|
|
2EA0000
|
unkown
|
page read and write
|
|
|
|
27182B6E000
|
unkown
|
page read and write
|
|
|
|
CD0000
|
unkown image
|
page readonly
|
|
|
|
7FF515F70000
|
unkown image
|
page readonly
|
|
|
|
7FF5160B3000
|
unkown image
|
page readonly
|
|
|
|
7F492000
|
unkown image
|
page readonly
|
|
|
|
7FF50CAA7000
|
unkown image
|
page readonly
|
|
|
|
8B0000
|
unkown
|
page read and write
|
|
|
|
29E8DA3C000
|
unkown
|
page read and write
|
|
|
|
3401000
|
unkown
|
page read and write
|
|
|
|
27182B78000
|
unkown
|
page read and write
|
|
|
|
263F5049000
|
unkown
|
page read and write
|
|
|
|
7FF50CE1B000
|
unkown image
|
page readonly
|
|
|
|
7FF5C835B000
|
unkown image
|
page readonly
|
|
|
|
7FD30000
|
unkown image
|
page readonly
|
|
|
|
263F5113000
|
unkown
|
page read and write
|
|
|
|
29E8DB00000
|
unkown
|
page read and write
|
|
|
|
7FF50CF92000
|
unkown image
|
page readonly
|
|
|
|
3180000
|
unkown
|
page read and write
|
|
|
|
7FD32000
|
unkown image
|
page readonly
|
|
|
|
2BB8000
|
unkown image
|
page readonly
|
|
|
|
7FF575E35000
|
unkown image
|
page readonly
|
|
|
|
2F21000
|
unkown
|
page read and write
|
|
|
|
B50000
|
heap private
|
page read and write
|
|
|
|
CC7000
|
unkown
|
page execute and read and write
|
|
|
|
27182B26000
|
unkown
|
page read and write
|
|
|
|
516E000
|
stack
|
page read and write
|
|
|
|
27182B79000
|
unkown
|
page read and write
|
|
|
|
2D40000
|
unkown image
|
page readonly
|
|
|
|
C20000
|
unkown image
|
page readonly
|
|
|
|
AB0000
|
heap default
|
page read and write
|
|
|
|
27182B84000
|
unkown
|
page read and write
|
|
|
|
7FF516172000
|
unkown image
|
page readonly
|
|
|
|
FFD60000
|
unkown image
|
page readonly
|
|
|
|
27182200000
|
unkown
|
page read and write
|
|
|
|
FFD70000
|
unkown image
|
page readonly
|
|
|
|
EFF000
|
stack
|
page read and write
|
|
|
|
7FF5C8403000
|
unkown image
|
page readonly
|
|
|
|
27182B8D000
|
unkown
|
page read and write
|
|
|
|
FFD70000
|
unkown image
|
page readonly
|
|
|
|
750000
|
unkown image
|
page read and write
|
|
|
|
A15000
|
heap default
|
page read and write
|
|
|
|
7FF5C843E000
|
unkown image
|
page readonly
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
7FF516117000
|
unkown image
|
page readonly
|
|
|
|
27182B6C000
|
unkown
|
page read and write
|
|
|
|
2794D640000
|
unkown image
|
page readonly
|
|
|
|
7FF5C83C3000
|
unkown image
|
page readonly
|
|
|
|
33DA000
|
heap default
|
page read and write
|
|
|
|
27182B98000
|
unkown
|
page read and write
|
|
|
|
27182B82000
|
unkown
|
page read and write
|
|
|
|
271822A1000
|
unkown
|
page read and write
|
|
|
|
7DF583C60000
|
unkown image
|
page readonly
|
|
|
|
7F800000
|
unkown image
|
page readonly
|
|
|
|
D57097E000
|
stack
|
page read and write
|
|
|
|
2A55000
|
unkown image
|
page readonly
|
|
|
|
7FF50CFC1000
|
unkown image
|
page readonly
|
|
|
|
337A000
|
heap private
|
page read and write
|
|
|
|
2B18000
|
unkown image
|
page readonly
|
|
|
|
7FF50CE2C000
|
unkown image
|
page readonly
|
|
|
|
6F0000
|
unkown image
|
page read and write
|
|
|
|
800000
|
unkown image
|
page readonly
|
|
|
|
D8B52FC000
|
stack
|
page read and write
|
|
|
|
27182B6E000
|
unkown
|
page read and write
|
|
|
|
7DF523E12000
|
unkown image
|
page readonly
|
|
|
|
7F570000
|
unkown image
|
page readonly
|
|
|
|
4CEF000
|
stack
|
page read and write
|
|
|
|
27182170000
|
unkown
|
page read and write
|
|
|
|
BD0000
|
unkown image
|
page readonly
|
|
|
|
FFD50000
|
unkown image
|
page readonly
|
|
|
|
27182316000
|
unkown
|
page read and write
|
|
|
|
7FF5C8226000
|
unkown image
|
page readonly
|
|
|
|
3375000
|
heap default
|
page read and write
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
2A46000
|
unkown image
|
page readonly
|
|
|
|
7FF50CF3D000
|
unkown image
|
page readonly
|
|
|
|
7FF50CEE3000
|
unkown image
|
page readonly
|
|
|
|
7FF5C8231000
|
unkown image
|
page readonly
|
|
|
|
2ADF000
|
unkown image
|
page readonly
|
|
|
|
593E000
|
stack
|
page read and write
|
|
|
|
944000
|
unkown
|
page read and write
|
|
|
|
2AE4000
|
unkown image
|
page readonly
|
|
|
|
324A000
|
heap private
|
page read and write
|
|
|
|
2D2C000
|
unkown
|
page read and write
|
|
|
|
7FF50CEE0000
|
unkown image
|
page readonly
|
|
|
|
7FF50CF3A000
|
unkown image
|
page readonly
|
|
|
|
7FF575EED000
|
unkown image
|
page readonly
|
|
|
|
28A0000
|
heap private
|
page execute and read and write
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
2A95000
|
unkown image
|
page readonly
|
|
|
|
2B18000
|
unkown image
|
page readonly
|
|
|
|
2E00000
|
heap default
|
page read and write
|
|
|
|
79B000
|
unkown
|
page read and write
|
|
|
|
CBB000
|
unkown
|
page read and write
|
|
|
|
2F31000
|
unkown
|
page read and write
|
|
|
|
7FF5160F3000
|
unkown image
|
page readonly
|
|
|
|
27182252000
|
unkown
|
page read and write
|
|
|
|
27182BA9000
|
unkown
|
page read and write
|
|
|
|
5320000
|
heap private
|
page read and write
|
|
|
|
2AD1000
|
unkown image
|
page readonly
|
|
|
|
7FF50CD46000
|
unkown image
|
page readonly
|
|
|
|
7FF515FAF000
|
unkown image
|
page readonly
|
|
|
|
7F4A0000
|
unkown image
|
page readonly
|
|
|
|
7FF55A630000
|
unkown image
|
page readonly
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
27182B79000
|
unkown
|
page read and write
|
|
|
|
7FF55A61D000
|
unkown image
|
page readonly
|
|
|
|
7FEA2000
|
unkown image
|
page readonly
|
|
|
|
7FF575D66000
|
unkown image
|
page readonly
|
|
|
|
2A0E000
|
unkown image
|
page readonly
|
|
|
|
27182BA3000
|
unkown
|
page read and write
|
|
|
|
7FEA2000
|
unkown image
|
page readonly
|
|
|
|
D570AFE000
|
stack
|
page read and write
|
|
|
|
AA0000
|
unkown
|
page read and write
|
|
|
|
7DF568380000
|
unkown image
|
page readonly
|
|
|
|
7FF55A70A000
|
unkown image
|
page readonly
|
|
|
|
29E8DA8B000
|
unkown
|
page read and write
|
|
|
|
3850000
|
unkown image
|
page readonly
|
|
|
|
7FDA0000
|
unkown image
|
page readonly
|
|
|
|
2794D3A0000
|
unkown
|
page read and write
|
|
|
|
2B2B000
|
unkown image
|
page readonly
|
|
|
|
27182B98000
|
unkown
|
page read and write
|
|
|
|
7FF5C7FC1000
|
unkown image
|
page readonly
|
|
|
|
7DF51AC32000
|
unkown image
|
page readonly
|
|
|
|
29DD000
|
unkown image
|
page readonly
|
|
|
|
271821F0000
|
unkown image
|
page read and write
|
|
|
|
27182400000
|
unkown image
|
page readonly
|
|
|
|
7FF5C845A000
|
unkown image
|
page readonly
|
|
|
|
2A2C2A87000
|
unkown
|
page read and write
|
|
|
|
7FF50CFC1000
|
unkown image
|
page readonly
|
|
|
|
7FF5C83E9000
|
unkown image
|
page readonly
|
|
|
|
27182B6D000
|
unkown
|
page read and write
|
|
|
|
7FF5C7E4B000
|
unkown image
|
page readonly
|
|
|
|
2717000
|
unkown image
|
page readonly
|
|
|
|
7F480000
|
unkown image
|
page readonly
|
|
|
|
7FF51600C000
|
unkown image
|
page readonly
|
|
|
|
7DF583C60000
|
unkown image
|
page readonly
|
|
|
|
2EC0000
|
heap default
|
page read and write
|
|
|
|
36D0000
|
unkown image
|
page readonly
|
|
|
|
297D000
|
unkown image
|
page readonly
|
|
|
|
7FF5C82EF000
|
unkown image
|
page readonly
|
|
|
|
27182B78000
|
unkown
|
page read and write
|
|
|
|
2EF1000
|
unkown
|
page read and write
|
|
|
|
27182BA9000
|
unkown
|
page read and write
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
7DF5D6160000
|
unkown image
|
page readonly
|
|
|
|
7FF515F26000
|
unkown image
|
page readonly
|
|
|
|
7F490000
|
unkown image
|
page readonly
|
|
|
|
7FF5C83CE000
|
unkown image
|
page readonly
|
|
|
|
271822D4000
|
unkown
|
page read and write
|
|
|
|
27182BA3000
|
unkown
|
page read and write
|
|
|
|
D50000
|
unkown
|
page read and write
|
|
|
|
263F4EE0000
|
unkown image
|
page readonly
|
|
|
|
27182B79000
|
unkown
|
page read and write
|
|
|
|
2BB8000
|
unkown image
|
page readonly
|
|
|
|
7DF568380000
|
unkown image
|
page readonly
|
|
|
|
27182B6E000
|
unkown
|
page read and write
|
|
|
|
2D70000
|
unkown
|
page read and write
|
|
|
|
502D000
|
stack
|
page read and write
|
|
|
|
2A98000
|
unkown image
|
page readonly
|
|
|
|
2A2C29A0000
|
unkown image
|
page readonly
|
|
|
|
7FF5C7E47000
|
unkown image
|
page readonly
|
|
|
|
7F480000
|
unkown image
|
page readonly
|
|
|
|
7FF575EEF000
|
unkown image
|
page readonly
|
|
|
|
27182B6E000
|
unkown
|
page read and write
|
|
|
|
2B84000
|
unkown image
|
page readonly
|
|
|
|
4CAE000
|
stack
|
page read and write
|
|
|
|
C14000
|
heap private
|
page read and write
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
297F000
|
unkown image
|
page readonly
|
|
|
|
2A31000
|
unkown image
|
page readonly
|
|
|
|
27182B82000
|
unkown
|
page read and write
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
2D2A000
|
unkown
|
page read and write
|
|
|
|
D570BFB000
|
stack
|
page read and write
|
|
|
|
7FF575EF3000
|
unkown image
|
page readonly
|
|
|
|
7FF5C78F4000
|
unkown image
|
page readonly
|
|
|
|
4F2E000
|
stack
|
page read and write
|
|
|
|
7F810000
|
unkown image
|
page readonly
|
|
|
|
33D0000
|
heap default
|
page read and write
|
|
|
|
33F8000
|
unkown
|
page read and write
|
|
|
|
782E000
|
stack
|
page read and write
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
7DF51AC32000
|
unkown image
|
page readonly
|
|
|
|
263F5070000
|
unkown
|
page read and write
|
|
|
|
7FF55A6FA000
|
unkown image
|
page readonly
|
|
|
|
7DF523E10000
|
unkown image
|
page readonly
|
|
|
|
3414000
|
unkown
|
page read and write
|
|
|
|
770000
|
unkown image
|
page readonly
|
|
|
|
27182B6C000
|
unkown
|
page read and write
|
|
|
|
27182B8D000
|
unkown
|
page read and write
|
|
|
|
7FF5C8391000
|
unkown image
|
page readonly
|
|
|
|
7FF575F33000
|
unkown image
|
page readonly
|
|
|
|
ABB000
|
heap default
|
page read and write
|
|
|
|
A60000
|
unkown image
|
page read and write
|
|
|
|
29CA000
|
unkown image
|
page readonly
|
|
|
|
7F492000
|
unkown image
|
page readonly
|
|
|
|
2A2C2A5A000
|
unkown
|
page read and write
|
|
|
|
552F000
|
stack
|
page read and write
|
|
|
|
2BAC000
|
unkown image
|
page readonly
|
|
|
|
7DF583C40000
|
unkown image
|
page readonly
|
|
|
|
7FF50CFB1000
|
unkown image
|
page readonly
|
|
|
|
27182B78000
|
unkown
|
page read and write
|
|
|
|
7DF5D6140000
|
unkown image
|
page readonly
|
|
|
|
7F552000
|
unkown image
|
page readonly
|
|
|
|
2911000
|
unkown image
|
page readonly
|
|
|
|
27182B9A000
|
unkown
|
page read and write
|
|
|
|
27182B6A000
|
unkown
|
page read and write
|
|
|
|
7DF523E02000
|
unkown image
|
page readonly
|
|
|
|
7FEC0000
|
unkown image
|
page readonly
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
31F5000
|
heap default
|
page read and write
|
|
|
|
2EE4000
|
unkown
|
page read and write
|
|
|
|
2F44000
|
unkown
|
page read and write
|
|
|
|
7DF481B10000
|
unkown image
|
page readonly
|
|
|
|
293D000
|
unkown image
|
page readonly
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
27182B6D000
|
unkown
|
page read and write
|
|
|
|
959000
|
unkown
|
page read and write
|
|
|
|
27182B6E000
|
unkown
|
page read and write
|
|
|
|
7FF55A623000
|
unkown image
|
page readonly
|
|
|
|
7FF575DCB000
|
unkown image
|
page readonly
|
|
|
|
D5708FE000
|
stack
|
page read and write
|
|
|
|
27182258000
|
unkown
|
page read and write
|
|
|
|
2911000
|
unkown image
|
page readonly
|
|
|
|
7FF5C8417000
|
unkown image
|
page readonly
|
|
|
|
27182249000
|
unkown
|
page read and write
|
|
|
|
A70000
|
unkown image
|
page readonly
|
|
|
|
85C000
|
unkown
|
page read and write
|
|
|
|
7FC30000
|
unkown image
|
page readonly
|
|
|
|
3C20000
|
unkown image
|
page readonly
|
|
|
|
956000
|
unkown
|
page read and write
|
|
|
|
2A9B000
|
unkown image
|
page readonly
|
|
|
|
2B3B000
|
unkown image
|
page readonly
|
|
|
|
7F482000
|
unkown image
|
page readonly
|
|
|
|
700000
|
unkown image
|
page readonly
|
|
|
|
2F24000
|
heap default
|
page read and write
|
|
|
|
58F0000
|
unkown image
|
page readonly
|
|
|
|
7FF55A705000
|
unkown image
|
page readonly
|
|
|
|
7F492000
|
unkown image
|
page readonly
|
|
|
|
527E000
|
stack
|
page read and write
|
|
|
|
B57000
|
heap private
|
page read and write
|
|
|
|
AEC000
|
heap default
|
page read and write
|
|
|
|
7FF515E25000
|
unkown image
|
page readonly
|
|
|
|
7FF575E65000
|
unkown image
|
page readonly
|
|
|
|
2ECA000
|
heap default
|
page read and write
|
|
|
|
263F4F60000
|
unkown
|
page read and write
|
|
|
|
7FF50CFAA000
|
unkown image
|
page readonly
|
|
|
|
CCB000
|
unkown
|
page execute and read and write
|
|
|
|
284E000
|
stack
|
page read and write
|
|
|
|
27182B79000
|
unkown
|
page read and write
|
|
|
|
7FF55A66E000
|
unkown image
|
page readonly
|
|
|
|
D10000
|
unkown
|
page read and write
|
|
|
|
7DF51AC30000
|
unkown image
|
page readonly
|
|
|
|
D8B54F7000
|
stack
|
page read and write
|
|
|
|
970000
|
unkown image
|
page readonly
|
|
|
|
7F482000
|
unkown image
|
page readonly
|
|
|
|
27182B6E000
|
unkown
|
page read and write
|
|
|
|
7D0000
|
unkown image
|
page readonly
|
|
|
|
33BF000
|
heap default
|
page read and write
|
|
|
|
7FF50CC45000
|
unkown image
|
page readonly
|
|
|
|
2A49000
|
unkown image
|
page readonly
|
|
|
|
27183102000
|
unkown
|
page read and write
|
|
|
|
7FF50CEF7000
|
unkown image
|
page readonly
|
|
|
|
7F492000
|
unkown image
|
page readonly
|
|
|
|
7FF5160AD000
|
unkown image
|
page readonly
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
D8B57FF000
|
stack
|
page read and write
|
|
|
|
C82000
|
unkown
|
page execute and read and write
|
|
|
|
7FF5C81EB000
|
unkown image
|
page readonly
|
|
|
|
52BE000
|
stack
|
page read and write
|
|
|
|
2718224B000
|
unkown
|
page read and write
|
|
|
|
7F7F0000
|
unkown image
|
page readonly
|
|
|
|
2EE1000
|
unkown
|
page read and write
|
|
|
|
B40000
|
unkown
|
page read and write
|
|
|
|
2AE6000
|
unkown image
|
page readonly
|
|
|
|
7FF5C8295000
|
unkown image
|
page readonly
|
|
|
|
2B46000
|
unkown image
|
page readonly
|
|
|
|
7FF575FCA000
|
unkown image
|
page readonly
|
|
|
|
4E8E000
|
stack
|
page read and write
|
|
|
|
2D0E000
|
unkown
|
page read and write
|
|
|
|
C9C000
|
unkown
|
page execute and read and write
|
|
|
|
27182B79000
|
unkown
|
page read and write
|
|
|
|
29E8D9F0000
|
heap default
|
page read and write
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
4A30000
|
heap private
|
page read and write
|
|
|
|
9C0000
|
unkown
|
page read and write
|
|
|
|
2985000
|
unkown image
|
page readonly
|
|
|
|
C10000
|
heap private
|
page read and write
|
|
|
|
2A90000
|
unkown image
|
page readonly
|
|
|
|
D570EFF000
|
stack
|
page read and write
|
|
|
|
7F7F0000
|
unkown image
|
page readonly
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
7FF575EE9000
|
unkown image
|
page readonly
|
|
|
|
2DD0000
|
unkown image
|
page readonly
|
|
|
|
2A36000
|
unkown image
|
page readonly
|
|
|
|
7F802000
|
unkown image
|
page readonly
|
|
|
|
2A2C29F0000
|
heap default
|
page read and write
|
|
|
|
2D02000
|
unkown
|
page read and write
|
|
|
|
2986000
|
unkown image
|
page readonly
|
|
|
|
7FF55A663000
|
unkown image
|
page readonly
|
|
|
|
263F5000000
|
unkown
|
page read and write
|
|
|
|
7FF516191000
|
unkown image
|
page readonly
|
|
|
|
27183100000
|
unkown
|
page read and write
|
|
|
|
33E6000
|
heap default
|
page read and write
|
|
|
|
2794D386000
|
unkown
|
page read and write
|
|
|
|
7FF50CC49000
|
unkown image
|
page readonly
|
|
|
|
29E8DED0000
|
unkown image
|
page readonly
|
|
|
|
7FF5160D7000
|
unkown image
|
page readonly
|
|
|
|
7FF575FB2000
|
unkown image
|
page readonly
|
|
|
|
27182B79000
|
unkown
|
page read and write
|
|
|
|
2A86000
|
unkown image
|
page readonly
|
|
|
|
27183163000
|
unkown
|
page read and write
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
307B000
|
unkown
|
page read and write
|
|
|
|
7DF583C50000
|
unkown image
|
page readonly
|
|
|
|
5A50000
|
unkown image
|
page readonly
|
|
|
|
2A71000
|
unkown image
|
page readonly
|
|
|
|
2A2C2EE0000
|
unkown image
|
page readonly
|
|
|
|
2988000
|
unkown image
|
page readonly
|
|
|
|
7FF5C834C000
|
unkown image
|
page readonly
|
|
|
|
FFD70000
|
unkown image
|
page readonly
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
2D13000
|
unkown
|
page read and write
|
|
|
|
2B24000
|
unkown image
|
page readonly
|
|
|
|
FFC50000
|
unkown image
|
page readonly
|
|
|
|
2B58000
|
unkown image
|
page readonly
|
|
|
|
338B000
|
heap default
|
page read and write
|
|
|
|
C2F43FB000
|
stack
|
page read and write
|
|
|
|
2AAD000
|
unkown image
|
page readonly
|
|
|
|
27182BCD000
|
unkown
|
page read and write
|
|
|
|
2A89000
|
unkown image
|
page readonly
|
|
|
|
FA0000
|
heap private
|
page read and write
|
|
|
|
7D0000
|
unkown image
|
page readonly
|
|
|
|
7DF523E00000
|
unkown image
|
page readonly
|
|
|
|
7FF5C80B7000
|
unkown image
|
page readonly
|
|
|
|
C2F3FAE000
|
stack
|
page read and write
|
|
|
|
D57087B000
|
unkown
|
page read and write
|
|
|
|
770000
|
unkown image
|
page readonly
|
|
|
|
7FF5C8165000
|
unkown image
|
page readonly
|
|
|
|
27182B79000
|
unkown
|
page read and write
|
|
|
|
27182B6E000
|
unkown
|
page read and write
|
|
|
|
27182B6E000
|
unkown
|
page read and write
|
|
|
|
D20000
|
unkown
|
page read and write
|
|
|
|
2794D2A0000
|
unkown image
|
page readonly
|
|
|
|
3A90000
|
unkown image
|
page readonly
|
|
|
|
4CF0000
|
unkown
|
page read and write
|
|
|
|
27182B79000
|
unkown
|
page read and write
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
326E000
|
stack
|
page read and write
|
|
|
|
7FF5C84D1000
|
unkown image
|
page readonly
|
|
|
|
C7A000
|
unkown
|
page read and write
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
A70000
|
unkown image
|
page readonly
|
|
|
|
7F562000
|
unkown image
|
page readonly
|
|
|
|
7FF575C65000
|
unkown image
|
page readonly
|
|
|
|
D8B55FC000
|
stack
|
page read and write
|
|
|
|
7F490000
|
unkown image
|
page readonly
|
|
|
|
7FF50CF37000
|
unkown image
|
page readonly
|
|
|
|
4950000
|
unkown image
|
page readonly
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
2ADA000
|
unkown image
|
page readonly
|
|
|
|
7FD32000
|
unkown image
|
page readonly
|
|
|
|
29E8DA29000
|
unkown
|
page read and write
|
|
|
|
2794D330000
|
unkown image
|
page read and write
|
|
|
|
3270000
|
heap default
|
page read and write
|
|
|
|
C2F4577000
|
stack
|
page read and write
|
|
|
|
7FF50CF1E000
|
unkown image
|
page readonly
|
|
|
|
27182B79000
|
unkown
|
page read and write
|
|
|
|
2B91000
|
unkown image
|
page readonly
|
|
|
|
7FF5C84E0000
|
unkown image
|
page readonly
|
|
|
|
2A2C2A5F000
|
unkown
|
page read and write
|
|
|
|
27182B9A000
|
unkown
|
page read and write
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
2A2C2A64000
|
unkown
|
page read and write
|
|
|
|
7DF5D6142000
|
unkown image
|
page readonly
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
7FF516025000
|
unkown image
|
page readonly
|
|
|
|
27183163000
|
unkown
|
page read and write
|
|
|
|
271822F7000
|
unkown
|
page read and write
|
|
|
|
7FF575E3B000
|
unkown image
|
page readonly
|
|
|
|
7FF5C8047000
|
unkown image
|
page readonly
|
|
|
|
BCB000
|
unkown
|
page read and write
|
|
|
|
2794D390000
|
unkown
|
page read and write
|
|
|
|
EC98979000
|
stack
|
page read and write
|
|
|
|
BE0000
|
unkown image
|
page readonly
|
|
|
|
27182B79000
|
unkown
|
page read and write
|
|
|
|
27182BBC000
|
unkown
|
page read and write
|
|
|
|
7DF51AC20000
|
unkown image
|
page readonly
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
7FF515F6D000
|
unkown image
|
page readonly
|
|
|
|
2F28000
|
unkown
|
page read and write
|
|
|
|
A70000
|
unkown image
|
page readonly
|
|
|
|
7FF55A61F000
|
unkown image
|
page readonly
|
|
|
|
7FD42000
|
unkown image
|
page readonly
|
|
|
|
7FF55A711000
|
unkown image
|
page readonly
|
|
|
|
FFD52000
|
unkown image
|
page readonly
|
|
|
|
2A2C2B13000
|
unkown
|
page read and write
|
|
|
|
D8B4E8C000
|
unkown
|
page read and write
|
|
|
|
3377000
|
heap private
|
page read and write
|
|
|
|
D570F7F000
|
stack
|
page read and write
|
|
|
|
271821A0000
|
unkown image
|
page readonly
|
|
|
|
263F54D0000
|
unkown image
|
page readonly
|
|
|
|
7FF50CD71000
|
unkown image
|
page readonly
|
|
|
|
2AFB000
|
unkown image
|
page readonly
|
|
|
|
52AE000
|
stack
|
page read and write
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
7FF5C84CA000
|
unkown image
|
page readonly
|
|
|
|
7FF50CF99000
|
unkown image
|
page readonly
|
|
|
|
2981000
|
unkown image
|
page readonly
|
|
|
|
7FD50000
|
unkown image
|
page readonly
|
|
|
|
29E8D9C0000
|
unkown image
|
page readonly
|
|
|
|
2AC1000
|
unkown image
|
page readonly
|
|
|
|
7FD40000
|
unkown image
|
page readonly
|
|
|
|
27182B80000
|
unkown
|
page read and write
|
|
|
|
7FF5161A1000
|
unkown image
|
page readonly
|
|
|
|
7FEA0000
|
unkown image
|
page readonly
|
|
|
|
E16000
|
unkown image
|
page readonly
|
|
|
|
2B8B000
|
unkown image
|
page readonly
|
|
|
|
7FF5C83ED000
|
unkown image
|
page readonly
|
|
|
|
FFD70000
|
unkown image
|
page readonly
|
|
|
|
2A2C2B08000
|
unkown
|
page read and write
|
|
|
|
27182000000
|
unkown image
|
page read and write
|
|
|
|
2794D390000
|
unkown
|
page read and write
|
|
|
|
27183002000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown image
|
page readonly
|
|
|
|
7FF515E29000
|
unkown image
|
page readonly
|
|
|
|
7DF5D6160000
|
unkown image
|
page readonly
|
|
|
|
7FF5753FA000
|
unkown image
|
page readonly
|
|
|
|
27182B9C000
|
unkown
|
page read and write
|
|
|
|
AFC000
|
unkown
|
page read and write
|
|
|
|
2A3A000
|
unkown image
|
page readonly
|
|
|
|
FFD52000
|
unkown image
|
page readonly
|
|
|
|
D570CFA000
|
stack
|
page read and write
|
|
|
|
7FF5C82B0000
|
unkown image
|
page readonly
|
|
|
|
263F5102000
|
unkown
|
page read and write
|
|
|
|
2B06000
|
unkown image
|
page readonly
|
|
|
|
FFD62000
|
unkown image
|
page readonly
|
|
|
|
7FF50CD90000
|
unkown image
|
page readonly
|
|
|
|
7DF523E00000
|
unkown image
|
page readonly
|
|
|
|
3247000
|
heap private
|
page read and write
|
|
|
|
27182B6F000
|
unkown
|
page read and write
|
|
|
|
27182B79000
|
unkown
|
page read and write
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
27182B6E000
|
unkown
|
page read and write
|
|
|
|
2AB6000
|
unkown image
|
page readonly
|
|
|
|
7F552000
|
unkown image
|
page readonly
|
|
|
|
263F503C000
|
unkown
|
page read and write
|
|
|
|
263F5069000
|
unkown
|
page read and write
|
|
|
|
2FA8000
|
unkown
|
page read and write
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
2A2C2A7B000
|
unkown
|
page read and write
|
|
|
|
2D47000
|
unkown
|
page read and write
|
|
|
|
D00000
|
heap default
|
page read and write
|
|
|
|
2D1B000
|
unkown
|
page read and write
|
|
|
|
27182B6E000
|
unkown
|
page read and write
|
|
|
|
2794D39F000
|
unkown
|
page read and write
|
|
|
|
2EE8000
|
unkown
|
page read and write
|
|
|
|
27183002000
|
unkown
|
page read and write
|
|
|
|
C20000
|
unkown image
|
page readonly
|
|
|
|
4EB0000
|
unkown
|
page execute and read and write
|
|
|
|
29E8DA4B000
|
unkown
|
page read and write
|
|
|
|
2DE0000
|
unkown image
|
page readonly
|
|
|
|
E16000
|
unkown image
|
page readonly
|
|
|
|
27182B79000
|
unkown
|
page read and write
|
|
|
|
7FF575F5D000
|
unkown image
|
page readonly
|
|
|
|
29E8DB08000
|
unkown
|
page read and write
|
|
|
|
27183102000
|
unkown
|
page read and write
|
|
|
|
7DF5D6140000
|
unkown image
|
page readonly
|
|
|
|
2B58000
|
unkown image
|
page readonly
|
|
|
|
27182280000
|
unkown
|
page read and write
|
|
|
|
2F4D000
|
unkown
|
page read and write
|
|
|
|
7FF5C82F2000
|
unkown image
|
page readonly
|
|
|
|
27182B83000
|
unkown
|
page read and write
|
|
|
|
2DE0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown image
|
page readonly
|
|
|
|
2F31000
|
unkown
|
page read and write
|
|
|
|
BEE000
|
stack
|
page read and write
|
|
|
|
263F5108000
|
unkown
|
page read and write
|
|
|
|
29E8DCD0000
|
unkown image
|
page readonly
|
|
|
|
27182B98000
|
unkown
|
page read and write
|
|
|
|
263F5650000
|
unkown image
|
page readonly
|
|
|
|
31C4000
|
heap private
|
page read and write
|
|
|
|
7FF5160C0000
|
unkown image
|
page readonly
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
7FF55A701000
|
unkown image
|
page readonly
|
|
|
|
33C0000
|
unkown
|
page read and write
|
|
|
|
4EC0000
|
unkown
|
page read and write
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
7FF5C82AD000
|
unkown image
|
page readonly
|
|
|
|
5F0000
|
unkown image
|
page read and write
|
|
|
|
B30000
|
unkown image
|
page readonly
|
|
|
|
7FF5C8433000
|
unkown image
|
page readonly
|
|
|
|
2A7B000
|
unkown image
|
page readonly
|
|
|
|
27182B7D000
|
unkown
|
page read and write
|
|
|
|
2B0C000
|
unkown image
|
page readonly
|
|
|
|
29E5000
|
unkown image
|
page readonly
|
|
|
|
7DF583C42000
|
unkown image
|
page readonly
|
|
|
|
7DF568382000
|
unkown image
|
page readonly
|
|
|
|
291D000
|
unkown image
|
page readonly
|
|
|
|
E16000
|
unkown image
|
page readonly
|
|
|
|
7FF5160FE000
|
unkown image
|
page readonly
|
|
|
|
27182308000
|
unkown
|
page read and write
|
|
|
|
293D000
|
unkown image
|
page readonly
|
|
|
|
7FF575E4C000
|
unkown image
|
page readonly
|
|
|
|
27182B79000
|
unkown
|
page read and write
|
|
|
|
D8B4F8F000
|
stack
|
page read and write
|
|
|
|
7FF51611D000
|
unkown image
|
page readonly
|
|
|
|
7FF515F8B000
|
unkown image
|
page readonly
|
|
|
|
2A2C2A3C000
|
unkown
|
page read and write
|
|
|
|
7DF51AC40000
|
unkown image
|
page readonly
|
|
|
|
33FC000
|
unkown
|
page read and write
|
|
|
|
7FF5C78FA000
|
unkown image
|
page readonly
|
|
|
|
FFD62000
|
unkown image
|
page readonly
|
|
|
|
7DF568372000
|
unkown image
|
page readonly
|
|
|
|
2A2C2A6D000
|
unkown
|
page read and write
|
|
|
|
7FF575E61000
|
unkown image
|
page readonly
|
|
|
|
28AE000
|
unkown image
|
page readonly
|
|
|
|
7FF55A6E9000
|
unkown image
|
page readonly
|
|
|
|
263F4ED0000
|
heap private
|
page read and write
|
|
|
|
770000
|
unkown image
|
page readonly
|
|
|
|
103E000
|
stack
|
page read and write
|
|
|
|
7F450000
|
unkown image
|
page readonly
|
|
|
|
2945000
|
unkown image
|
page readonly
|
|
|
|
7F550000
|
unkown image
|
page readonly
|
|
|
|
27182BA9000
|
unkown
|
page read and write
|
|
|
|
271821E0000
|
unkown
|
page read and write
|
|
|
|
63C0000
|
unkown image
|
page readonly
|
|
|
|
271822E8000
|
unkown
|
page read and write
|
|
|
|
11B0000
|
unkown image
|
page readonly
|
|
|
|
7F482000
|
unkown image
|
page readonly
|
|
|
|
2951000
|
unkown image
|
page readonly
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
2B18000
|
unkown image
|
page readonly
|
|
|
|
27182B00000
|
unkown
|
page read and write
|
|
|
|
2794D360000
|
heap default
|
page read and write
|
|
|
|
271822C5000
|
unkown
|
page read and write
|
|
|
|
2AEB000
|
unkown image
|
page readonly
|
|
|
|
2A31000
|
unkown image
|
page readonly
|
|
|
|
7FF5C84DA000
|
unkown image
|
page readonly
|
|
|
|
7FF5C8407000
|
unkown image
|
page readonly
|
|
|
|
7DF568370000
|
unkown image
|
page readonly
|
|
|
|
2A7B000
|
unkown image
|
page readonly
|
|
|
|
2A2C29C0000
|
unkown image
|
page readonly
|
|
|
|
7E0000
|
unkown image
|
page readonly
|
|
|
|
27182BDB000
|
unkown
|
page read and write
|
|
|
|
FFD50000
|
unkown image
|
page readonly
|
|
|
|
7DF523E12000
|
unkown image
|
page readonly
|
|
|
|
700000
|
unkown image
|
page readonly
|
|
|
|
29E8DA70000
|
unkown
|
page read and write
|
|
|
|
27182B98000
|
unkown
|
page read and write
|
|
|
|
7DF583C52000
|
unkown image
|
page readonly
|
|
|
|
2A2C2A6D000
|
unkown
|
page read and write
|
|
|
|
5A3E000
|
stack
|
page read and write
|
|
|
|
51AE000
|
stack
|
page read and write
|
|
|
|
27182050000
|
unkown image
|
page readonly
|
|
|
|
2794D2E0000
|
unkown
|
page read and write
|
|
|
|
29E8E060000
|
unkown image
|
page readonly
|
|
|
|
3222000
|
unkown
|
page read and write
|
|
|
|
2794D372000
|
unkown
|
page read and write
|
|
|
|
7FF575AC7000
|
unkown image
|
page readonly
|
|
|
|
3320000
|
heap private
|
page read and write
|
|
|
|
2A9B000
|
unkown image
|
page readonly
|
|
|
|
7F802000
|
unkown image
|
page readonly
|
|
|
|
7FF5C8169000
|
unkown image
|
page readonly
|
|
|
|
2718224D000
|
unkown
|
page read and write
|
|
|
|
5A60000
|
unkown
|
page read and write
|
|
|
|
27182B79000
|
unkown
|
page read and write
|
|
|
|
271822A8000
|
unkown
|
page read and write
|
|
|
|
2DE0000
|
unkown
|
page read and write
|
|
|
|
2A5F000
|
unkown image
|
page readonly
|
|
|
|
271821E0000
|
unkown
|
page read and write
|
|
|
|
27182B6E000
|
unkown
|
page read and write
|
|
|
|
2A5F000
|
unkown image
|
page readonly
|
|
|
|
2794D840000
|
unkown image
|
page readonly
|
|
|
|
27182B62000
|
unkown
|
page read and write
|
|
|
|
27182B82000
|
unkown
|
page read and write
|
|
|
|
2BB8000
|
unkown image
|
page readonly
|
|
|
|
271822E1000
|
unkown
|
page read and write
|
|
|
|
7FF5160EB000
|
unkown image
|
page readonly
|
|
|
|
7FF55A399000
|
unkown image
|
page readonly
|
|
|
|
29E8D990000
|
heap private
|
page read and write
|
|
|
|
295D000
|
unkown image
|
page readonly
|
|
|
|
7FEB0000
|
unkown image
|
page readonly
|
|
|
|
33F8000
|
unkown
|
page read and write
|
|
|
|
27182B79000
|
unkown
|
page read and write
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
27183002000
|
unkown
|
page read and write
|
|
|
|
7DF583C52000
|
unkown image
|
page readonly
|
|
|
|
27182255000
|
unkown
|
page read and write
|
|
|
|
27182B6E000
|
unkown
|
page read and write
|
|
|
|
2BA6000
|
unkown image
|
page readonly
|
|
|
|
7FF55A6E2000
|
unkown image
|
page readonly
|
|
|
|
27182B6E000
|
unkown
|
page read and write
|
|
|
|
27182020000
|
unkown image
|
page readonly
|
|
|
|
D10000
|
unkown
|
page read and write
|
|
|
|
C2F3EAB000
|
unkown
|
page read and write
|
|
|
|
7FF5C842B000
|
unkown image
|
page readonly
|
|
|
|
7FF575F2B000
|
unkown image
|
page readonly
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
27182B78000
|
unkown
|
page read and write
|
|
|
|
7FF51618A000
|
unkown image
|
page readonly
|
|
|
|
27182B6E000
|
unkown
|
page read and write
|
|
|
|
3401000
|
unkown
|
page read and write
|
|
|
|
3350000
|
heap default
|
page read and write
|
|
|
|
27182253000
|
unkown
|
page read and write
|
|
|
|
27182B6D000
|
unkown
|
page read and write
|
|
|
|
2AAE000
|
unkown image
|
page readonly
|
|
|
|
2F2C000
|
unkown
|
page read and write
|
|
|
|
4ED0000
|
unkown image
|
page readonly
|
|
|
|
7FF5C81B2000
|
unkown image
|
page readonly
|
|
|
|
27182B79000
|
unkown
|
page read and write
|
|
|
|
2BB8000
|
unkown image
|
page readonly
|
|
|
|
7FF5C8266000
|
unkown image
|
page readonly
|
|
|
|
7CC000
|
unkown
|
page read and write
|
|
|
|
27182780000
|
unkown image
|
page readonly
|
|
|
|
7FF5C7D22000
|
unkown image
|
page readonly
|
|
|
|
1140000
|
unkown image
|
page readonly
|
|
|
|
7FF5160C7000
|
unkown image
|
page readonly
|
|
|
|
7FF5C84B2000
|
unkown image
|
page readonly
|
|
|
|
2EEC000
|
unkown
|
page read and write
|
|
|
|
7FD40000
|
unkown image
|
page readonly
|
|
|
|
7DF418AF0000
|
unkown image
|
page readonly
|
|
|
|
7DF583C40000
|
unkown image
|
page readonly
|
|
|
|
3365000
|
heap default
|
page read and write
|
|
|
|
2D36000
|
unkown
|
page read and write
|
|
|
|
7FF5C83D7000
|
unkown image
|
page readonly
|
|
|
|
2DB0000
|
unkown image
|
page readonly
|
|
|
|
7DF523E10000
|
unkown image
|
page readonly
|
|
|
|
7FF5160CE000
|
unkown image
|
page readonly
|
|
|
|
7FF575F03000
|
unkown image
|
page readonly
|
|
|
|
ACD000
|
unkown
|
page read and write
|
|
|
|
C2F467F000
|
stack
|
page read and write
|
|
|
|
27182B9F000
|
unkown
|
page read and write
|
|
|
|
7FF515F51000
|
unkown image
|
page readonly
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
31F0000
|
heap default
|
page read and write
|
|
|
|
2757000
|
unkown image
|
page readonly
|
|
|
|
2794D9C0000
|
unkown image
|
page readonly
|
|
|
|
7FF575F5A000
|
unkown image
|
page readonly
|
|
|
|
7FF50CFA4000
|
unkown image
|
page readonly
|
|
|
|
D8B4F0E000
|
stack
|
page read and write
|
|
|
|
D8B53FB000
|
stack
|
page read and write
|
|
|
|
2B53000
|
unkown image
|
page readonly
|
|
|
|
7FF575FB9000
|
unkown image
|
page readonly
|
|
|
|
27182256000
|
unkown
|
page read and write
|
|
|
|
7FD30000
|
unkown image
|
page readonly
|
|
|
|
1330000
|
unkown image
|
page readonly
|
|
|
|
27182229000
|
unkown
|
page read and write
|
|
|
|
7E50000
|
unkown
|
page read and write
|
|
|
|
FFD50000
|
unkown image
|
page readonly
|
|
|
|
7DF51AC20000
|
unkown image
|
page readonly
|
|
|
|
7BA0000
|
unkown
|
page read and write
|
|
|
|
CB2000
|
unkown
|
page execute and read and write
|
|
|
|
27182B79000
|
unkown
|
page read and write
|
|
|
|
7D0000
|
unkown image
|
page readonly
|
|
|
|
7FF5C838F000
|
unkown image
|
page readonly
|
|
|
|
7FF5160AF000
|
unkown image
|
page readonly
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
7FF5C8365000
|
unkown image
|
page readonly
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
78F0000
|
unkown
|
page read and write
|
|
|
|
2A2C2A13000
|
unkown
|
page read and write
|
|
|
|
2EF1000
|
unkown
|
page read and write
|
|
|
|
27183000000
|
unkown
|
page read and write
|
|
|
|
27182B79000
|
unkown
|
page read and write
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
27182B6E000
|
unkown
|
page read and write
|
|
|
|
27182289000
|
unkown
|
page read and write
|
|
|
|
27182B69000
|
unkown
|
page read and write
|
|
|
|
29E8DA82000
|
unkown
|
page read and write
|
|
|
|
263F4F40000
|
unkown image
|
page readonly
|
|
|
|
2A5F000
|
unkown image
|
page readonly
|
|
|
|
A38000
|
unkown
|
page read and write
|
|
|
|
BD0000
|
unkown image
|
page readonly
|
|
|
|
2D3C000
|
unkown
|
page read and write
|
|
|
|
2FD8000
|
unkown
|
page read and write
|
|
|
|
29E8DA00000
|
unkown
|
page read and write
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
7DF568382000
|
unkown image
|
page readonly
|
|
|
|
7FF575DB0000
|
unkown image
|
page readonly
|
|
|
|
770000
|
unkown image
|
page readonly
|
|
|
|
7FF575AC1000
|
unkown image
|
page readonly
|
|
|
|
27182B79000
|
unkown
|
page read and write
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
27182BCE000
|
unkown
|
page read and write
|
|
|
|
7DF51AC30000
|
unkown image
|
page readonly
|
|
|
|
27182B6F000
|
unkown
|
page read and write
|
|
|
|
2A9F000
|
unkown image
|
page readonly
|
|
|
|
7FF55A68A000
|
unkown image
|
page readonly
|
|
|
|
FFD70000
|
unkown image
|
page readonly
|
|
|
|
7DF5D6142000
|
unkown image
|
page readonly
|
|
|
|
27182313000
|
unkown
|
page read and write
|
|
|
|
28E0000
|
unkown
|
page read and write
|
|
|
|
FFD62000
|
unkown image
|
page readonly
|
|
|
|
2B1B000
|
unkown image
|
page readonly
|
|
|
|
2718224C000
|
unkown
|
page read and write
|
|
|
|
27182B77000
|
unkown
|
page read and write
|
|
|
|
29E8DEE0000
|
unkown image
|
page readonly
|
|
|
|
7FF55A6F4000
|
unkown image
|
page readonly
|
|
|
|
7FF50CEC9000
|
unkown image
|
page readonly
|
|
|
|
7DF568370000
|
unkown image
|
page readonly
|
|
|
|
2D2F000
|
unkown
|
page read and write
|
|
|
|
3200000
|
unkown
|
page read and write
|
|
|
|
A80000
|
unkown image
|
page read and write
|
|
|
|
27182B6D000
|
unkown
|
page read and write
|
|
|
|
27182B4E000
|
unkown
|
page read and write
|
|
|
|
7DF568390000
|
unkown image
|
page readonly
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
29E8DA4D000
|
unkown
|
page read and write
|
|
|
|
2A2C2CD0000
|
unkown image
|
page readonly
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
27182020000
|
unkown image
|
page readonly
|
|
|
|
27182B6E000
|
unkown
|
page read and write
|
|
|
|
2AFB000
|
unkown image
|
page readonly
|
|
|
|
288E000
|
stack
|
page read and write
|
|
|
|
27182B79000
|
unkown
|
page read and write
|
|
|
|
2F28000
|
unkown
|
page read and write
|
|
|
|
7F4A0000
|
unkown image
|
page readonly
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
7FF50CD8D000
|
unkown image
|
page readonly
|
|
|
|
BD0000
|
unkown image
|
page readonly
|
|
|
|
263F4F30000
|
heap default
|
page read and write
|
|
|
|
7F810000
|
unkown image
|
page readonly
|
|
|
|
27182B8C000
|
unkown
|
page read and write
|
|
|
|
C90000
|
unkown
|
page read and write
|
|
|
|
263F4F00000
|
unkown image
|
page readonly
|
|
|
|
29B1000
|
unkown image
|
page readonly
|
|
|
|
27182B78000
|
unkown
|
page read and write
|
|
|
|
33F4000
|
heap default
|
page read and write
|
|
|
|
7FF51611A000
|
unkown image
|
page readonly
|
|
|
|
2794D635000
|
heap private
|
page read and write
|
|
|
|
D57117A000
|
stack
|
page read and write
|
|
|
|
2DCD000
|
stack
|
page read and write
|
|
|
|
263F504F000
|
unkown
|
page read and write
|
|
|
|
75A000
|
unkown
|
page read and write
|
|
|
|
291D000
|
unkown image
|
page readonly
|
|
|
|
29E8DB13000
|
unkown
|
page read and write
|
|
|
|
7F6F0000
|
unkown image
|
page readonly
|
|
|
|
2945000
|
unkown image
|
page readonly
|
|
|
|
322E000
|
stack
|
page read and write
|
|
|
|
2ADB000
|
unkown image
|
page readonly
|
|
|
|
FFD52000
|
unkown image
|
page readonly
|
|
|
|
7FF575C69000
|
unkown image
|
page readonly
|
|
|
|
2A2C2A00000
|
unkown
|
page read and write
|
|
|
|
7DF51AC22000
|
unkown image
|
page readonly
|
|
|
|
2794D390000
|
unkown
|
page read and write
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
3380000
|
unkown image
|
page readonly
|
|
|
|
7FF55A711000
|
unkown image
|
page readonly
|
|
|
|
27182B69000
|
unkown
|
page read and write
|
|
|
|
27182BBC000
|
unkown
|
page read and write
|
|
|
|
C8A000
|
unkown
|
page execute and read and write
|
|
|
|
FFD60000
|
unkown image
|
page readonly
|
|
|
|
2B4C000
|
unkown image
|
page readonly
|
|
|
|
2B1B000
|
unkown image
|
page readonly
|
|
|
|
2A3A000
|
unkown image
|
page readonly
|
|
|
|
2A4E000
|
unkown image
|
page readonly
|
|
|
|
7DF466240000
|
unkown image
|
page readonly
|
|
|
|
27182600000
|
unkown image
|
page readonly
|
|
|
|
7FF55A65B000
|
unkown image
|
page readonly
|
|
|
|
27182B6E000
|
unkown
|
page read and write
|
|
|
|
28CD000
|
unkown image
|
page readonly
|
|
|
|
D40000
|
unkown
|
page read and write
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
EC989FE000
|
stack
|
page read and write
|
|
|
|
3090000
|
unkown image
|
page readonly
|
|
|
|
7F480000
|
unkown image
|
page readonly
|
|
|
|
2A46000
|
unkown image
|
page readonly
|
|
|
|
27182302000
|
unkown
|
page read and write
|
|
|
|
29E8DA13000
|
unkown
|
page read and write
|
|
|
|
27182B6B000
|
unkown
|
page read and write
|
|
|
|
28CD000
|
unkown image
|
page readonly
|
|
|
|
27182BCD000
|
unkown
|
page read and write
|
|
|
|
7DF568390000
|
unkown image
|
page readonly
|
|
|
|
7FF5C8224000
|
unkown image
|
page readonly
|
|
|
|
2B0D000
|
unkown image
|
page readonly
|
|
|
|
7F570000
|
unkown image
|
page readonly
|
|
|
|
27182B97000
|
unkown
|
page read and write
|
|
|
|
7FF50CF13000
|
unkown image
|
page readonly
|
|
|
|
5530000
|
unkown
|
page read and write
|
|
|
|
335C000
|
heap default
|
page read and write
|
|
|
|
29E8DA4F000
|
unkown
|
page read and write
|
|
|
|
27182B6E000
|
unkown
|
page read and write
|
|
|
|
2A2C2A52000
|
unkown
|
page read and write
|
|
|
|
2F0D000
|
unkown
|
page read and write
|
|
|
|
33F5000
|
unkown
|
page read and write
|
|
|
|
CDE000
|
stack
|
page read and write
|
|
|
|
2945000
|
heap private
|
page read and write
|
|
|
|
7FF5C8049000
|
unkown image
|
page readonly
|
|
|
|
3401000
|
unkown
|
page read and write
|
|
|
|
33F1000
|
unkown
|
page read and write
|
|
|
|
7FEB2000
|
unkown image
|
page readonly
|
|
|
|
2890000
|
heap private
|
page read and write
|
|
|
|
FFD52000
|
unkown image
|
page readonly
|
|
|
|
2A7A000
|
unkown image
|
page readonly
|
|
|
|
7FF5C83BA000
|
unkown image
|
page readonly
|
|
|
|
271822BE000
|
unkown
|
page read and write
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
2AD0000
|
unkown image
|
page readonly
|
|
|
|
7E0000
|
unkown image
|
page readonly
|
|
|
|
27182B77000
|
unkown
|
page read and write
|
|
|
|
2794D310000
|
unkown image
|
page readonly
|
|
|
|
27182B6B000
|
unkown
|
page read and write
|
|
|
|
7FF55A626000
|
unkown image
|
page readonly
|
|
|
|
7FF5C80B4000
|
unkown image
|
page readonly
|
|
|
|
27182B6F000
|
unkown
|
page read and write
|
|
|
|
C30000
|
unkown image
|
page readonly
|
|
|
|
C0F817F000
|
stack
|
page read and write
|
|
|
|
EC98A7E000
|
stack
|
page read and write
|
|
|
|
7FF50CEEE000
|
unkown image
|
page readonly
|
|
|
|
2A2C3060000
|
unkown image
|
page readonly
|
|
|
|
7FF5155B4000
|
unkown image
|
page readonly
|
|
|
|
E16000
|
unkown image
|
page readonly
|
|
|
|
2FDC000
|
unkown
|
page read and write
|
|
|
|
7FD42000
|
unkown image
|
page readonly
|
|
|
|
2794D280000
|
unkown image
|
page readonly
|
|
|
|
EB5000
|
unkown image
|
page readonly
|
|
|
|
27182B6D000
|
unkown
|
page read and write
|
|
|
|
2DA0000
|
unkown image
|
page read and write
|
|
|
|
263F5029000
|
unkown
|
page read and write
|
|
|
|
27182B83000
|
unkown
|
page read and write
|
|
|
|
C0F867E000
|
stack
|
page read and write
|
|
|
|
27182A02000
|
unkown
|
page read and write
|
|
|
|
BE0000
|
unkown image
|
page readonly
|
|
|
|
EC9859A000
|
unkown
|
page read and write
|
|
|
|
7DF583C42000
|
unkown image
|
page readonly
|
|
|
|
2AD6000
|
unkown image
|
page readonly
|
|
|
|
FFD50000
|
unkown image
|
page readonly
|
|
|
|
FFD62000
|
unkown image
|
page readonly
|
|
|
|
2718224F000
|
unkown
|
page read and write
|
|
|
|
948000
|
unkown
|
page read and write
|
|
|
|
263F4F10000
|
unkown image
|
page readonly
|
|
|
|
7FF5C82F7000
|
unkown image
|
page readonly
|
|
|
|
7FF5160C3000
|
unkown image
|
page readonly
|
|
|
|
D60000
|
unkown image
|
page readonly
|
|
|
|
7FF515C87000
|
unkown image
|
page readonly
|
|
|
|
7DF5D6150000
|
unkown image
|
page readonly
|
|
|
|
27182B7B000
|
unkown
|
page read and write
|
|
|
|
7FF575F17000
|
unkown image
|
page readonly
|
|
|
|
D8B56FF000
|
stack
|
page read and write
|
|
|
|
290D000
|
unkown image
|
page readonly
|
|
|
|
FFD60000
|
unkown image
|
page readonly
|
|
|
|
62C000
|
unkown
|
page read and write
|
|
There are 1213 hidden memdumps, click here to show them.