IOC Report

Files

File Path
Type
Category
Malicious
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
data
dropped
malicious
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\114e21f2-b582-46d6-bd90-417a3fab611e.tmp
SysEx File -
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\29db3f0a-a0f7-4a03-b6c0-f718201d4052.tmp
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\3632bd1c-ea03-4537-9a1c-92a35b553d50.tmp
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\3ecca95e-6244-49b3-bc09-8efc4bdd93be.tmp
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\833810ee-2618-4dd6-be26-aa40c20b3c09.tmp
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\85f4419b-89cd-45bc-812b-b429c13100af.tmp
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\9c5d137c-ef8b-4e51-a4f5-5d1bce9b5671.tmp
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\9ff5205e-a666-4b7c-a7e3-8c47b614ca2d.tmp
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0acffeb3-8d8d-499f-8dd4-0a8852332893.tmp
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0c39ace3-d3ad-4881-9b43-a77e12ece424.tmp
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\17ea28bf-d6c4-4fe9-8ae5-b7aa7b6313db.tmp
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4f7207b7-7175-4fe2-8f87-6f4779ca6099.tmp
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\65bbd9b9-3dca-48b9-8705-3f244ffdf2ed.tmp
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6c975a92-2d4d-43c5-85f0-b5d2b03bfbc3.tmp
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8d989cec-f250-4780-af32-622d946b8b83.tmp
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8dc99252-a7db-405f-a4d2-318a503348ca.tmp
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\938d606a-f13f-4dd2-8537-fc26d2724349.tmp
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\940ee6e0-0f1a-435d-95f1-beb95390455e.tmp
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.oldll (copy)
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.oldT (copy)
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
SQLite 3.x database, last written using SQLite version 3032001
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old. (copy)
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons
SQLite 3.x database, last written using SQLite version 3032001
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old.. (copy)
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old (copy)
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG.old.d (copy)
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
SQLite 3.x database, last written using SQLite version 3032001
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Session (copy)
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last TabsOC (copy)
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.oldMP (copy)
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
SQLite 3.x database, last written using SQLite version 3032001
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State0 (copy)
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent StateB} (copy)
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.oldMP (copy)
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PreferencesMP (copy)
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3032001
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences0c (copy)
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferenceswe (copy)
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG.old. (copy)
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent StateMP (copy)
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG.old (copy)
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG.old. (copy)
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\c5343a33-2aa8-49a7-b6e5-17c525a9ea82.tmp
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent State.0 (copy)
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG.old (copy)
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG.olde/ (copy)
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\ddda8ed4-c355-4a26-b6e7-4505ea376d04.tmp
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Visited Links
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENTp (copy)
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old2 (copy)
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004
MPEG-4 LOAS
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\db1bada1-1419-463b-9465-e34a48a4d925.tmp
ASCII text, with very long lines, with no line terminators
modified
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\e64900ff-8527-47c0-ad48-0b1ec57572e4.tmp
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\f048c967-2d9a-47f2-92ff-f4701813e927.tmp
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\f67278c2-f188-42e3-8550-7fdb8a4d6fa2.tmp
very short file (no magic)
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old8f (copy)
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version
ASCII text, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local StateY (copy)
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info CacheMP (copy)
SysEx File -
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cacheg (copy)
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
data
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\aa200e3f-c8c6-4131-99c6-de1ae61d81fd.tmp
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\b4cfc0a1-cbf3-401f-be2b-937e33795516.tmp
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Google\Chrome\User Data\c03bc128-2396-49b1-905f-b0e4094f286d.tmp
data
dropped
clean
C:\Users\user\AppData\Local\Temp\2e072261-1015-4dd6-900b-7d33941bf0ee.tmp
Google Chrome extension, version 3
dropped
clean
C:\Users\user\AppData\Local\Temp\3f53483b-9543-4ab0-8f28-05517035b683.tmp
very short file (no magic)
dropped
clean
C:\Users\user\AppData\Local\Temp\6644_1295805737\_metadata\verified_contents.json
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\6644_1295805737\_platform_specific\x86_64\pnacl_public_pnacl_json
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Temp\6644_1295805737\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o
ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
dropped
clean
C:\Users\user\AppData\Local\Temp\6644_1295805737\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o
ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
dropped
clean
C:\Users\user\AppData\Local\Temp\6644_1295805737\_platform_specific\x86_64\pnacl_public_x86_64_crtend_o
ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
dropped
clean
C:\Users\user\AppData\Local\Temp\6644_1295805737\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=7511538a3a6a0b862c772eace49075ed1bbe2377, stripped
dropped
clean
C:\Users\user\AppData\Local\Temp\6644_1295805737\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_a
current ar archive
dropped
clean
C:\Users\user\AppData\Local\Temp\6644_1295805737\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a
current ar archive
dropped
clean
C:\Users\user\AppData\Local\Temp\6644_1295805737\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a
current ar archive
dropped
clean
C:\Users\user\AppData\Local\Temp\6644_1295805737\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a
current ar archive
dropped
clean
C:\Users\user\AppData\Local\Temp\6644_1295805737\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=309d6d3d463e6b1b0690f39eb226b1e4c469b2ce, stripped
dropped
clean
C:\Users\user\AppData\Local\Temp\6644_1295805737\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=4b15de4ab227d5e46213978b8518d53c53ce1db9, stripped
dropped
clean
C:\Users\user\AppData\Local\Temp\6644_1295805737\manifest.fingerprint
ASCII text, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\6644_1295805737\manifest.json
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Temp\9816d29b-ce44-4a47-955e-cc9884ce9882.tmp
Google Chrome extension, version 3
dropped
clean
C:\Users\user\AppData\Local\Temp\browser-sslkeys.log
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Temp\f0758a7e-1f8d-4e4e-888b-f2f638f18c36.tmp
very short file (no magic)
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\2e072261-1015-4dd6-900b-7d33941bf0ee.tmp
Google Chrome extension, version 3
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\bg\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\ca\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\cs\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\da\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\de\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\el\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\en\messages.json
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\en_GB\messages.json
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\es\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\es_419\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\et\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\fi\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\fil\messages.json
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\fr\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\hi\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\hr\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\hu\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\id\messages.json
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\it\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\ja\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\ko\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\lt\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\lv\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\nb\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\nl\messages.json
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\pl\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\pt_BR\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\pt_PT\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\ro\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\ru\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\sk\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\sl\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\sr\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\sv\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\th\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\tr\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\uk\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\vi\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\zh_CN\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_locales\zh_TW\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\_metadata\verified_contents.json
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\craw_background.js
ASCII text, with very long lines
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\craw_window.js
ASCII text, with very long lines
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\css\craw_window.css
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\html\craw_window.html
HTML document, ASCII text
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\images\flapper.gif
GIF image data, version 89a, 30 x 30
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\images\icon_128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\images\icon_16.png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\images\topbar_floating_button.png
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\images\topbar_floating_button_close.png
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\images\topbar_floating_button_hover.png
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\images\topbar_floating_button_maximize.png
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\images\topbar_floating_button_pressed.png
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_151062736\CRX_INSTALL\manifest.json
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\9816d29b-ce44-4a47-955e-cc9884ce9882.tmp
Google Chrome extension, version 3
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\am\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\ar\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\bg\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\bn\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\ca\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\cs\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\da\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\de\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\el\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\en\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\es\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\et\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\fa\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\fi\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\fil\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\fr\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\gu\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\hi\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\hr\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\hu\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\id\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\it\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\iw\messages.json
HTML document, ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\ja\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\kn\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\ko\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\lt\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\lv\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\ml\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\mr\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\ms\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\nb\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\nl\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\pl\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\pt\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\ro\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\ru\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\sk\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\sl\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\sr\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\sv\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\sw\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\ta\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\te\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\th\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\tr\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\uk\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\vi\messages.json
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\zh\messages.json
UTF-8 Unicode text, with CRLF line terminators
modified
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_locales\zh_TW\messages.json
UTF-8 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\_metadata\verified_contents.json
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\angular.js
ASCII text, with very long lines
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\background_script.js
ASCII text, with very long lines
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\cast_sender.js
ASCII text, with very long lines
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\common.js
ASCII text, with very long lines
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\feedback.css
ASCII text
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\feedback.html
HTML document, ASCII text
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\feedback_script.js
ASCII text, with very long lines
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\manifest.json
ASCII text, with very long lines, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\material_css_min.css
ASCII text, with very long lines
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\mirroring_cast_streaming.js
ASCII text, with very long lines
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\mirroring_common.js
ASCII text, with very long lines
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\mirroring_hangouts.js
ASCII text, with very long lines
dropped
clean
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1591886150\CRX_INSTALL\mirroring_webrtc.js
ASCII text, with very long lines
dropped
clean

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://express.adobe.com/page/hkJAopeNt4zI5/
clean
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1560,18307856838126916977,11189579393534020525,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1920 /prefetch:8
clean

URLs

Name
IP
Malicious
https://express.adobe.com/page/hkJAopeNt4zI5/
malicious
https://jamesviewzzhe.buzz/Doc/FBG/images/webmaillogo.png
104.21.47.175
malicious
https://jamesviewzzhe.buzz/Doc/FBG/images/office.png
104.21.47.175
malicious
https://jamesviewzzhe.buzz/Doc/FBG/One
unknown
malicious
https://jamesviewzzhe.buzz/Doc/FBG/microsoft.phpSign
unknown
malicious
https://jamesviewzzhe.buzz/Doc/FBG/images/outlook.png
104.21.47.175
malicious
https://jamesviewzzhe.buzz/favicon.ico
104.21.47.175
malicious
https://jamesviewzzhe.buzz/Doc/FBG/office.phpOne
unknown
malicious
https://jamesviewzzhe.buzz/Doc/FBG/images/Onedrive-logo.png$
unknown
malicious
https://jamesviewzzhe.buzz/Doc/FBG/microsoft.php
104.21.47.175
malicious
https://jamesviewzzhe.buzz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
104.21.47.175
malicious
https://jamesviewzzhe.buzz/Doc/FBG/css/bootstrap.min.css
104.21.47.175
malicious
https://jamesviewzzhe.buzz/Doc/FBG/js/bootstrap.min.js
104.21.47.175
malicious
https://jamesviewzzhe.buzz/Doc/FBG/webmail.php
104.21.47.175
malicious
https://jamesviewzzhe.buzz/Doc/FBG/
104.21.47.175
malicious
https://jamesviewzzhe.buzz/Doc/FBG/webmail.phpI
unknown
malicious
https://jamesviewzzhe.buzz/Doc/FBG/
malicious
https://jamesviewzzhe.buzz/Doc/FBG/css/bootstrap.min.css4
unknown
malicious
https://jamesviewzzhe.buzz/Doc/FBG/images/officelogo.png
104.21.47.175
malicious
https://jamesviewzzhe.buzz/Doc/FBG/microsoft.php
malicious
https://jamesviewzzhe.buzz/Doc/FBG/office.php
malicious
http://jamesviewzzhe.buzz/Doc/FBG/
104.21.47.175
malicious
https://jamesviewzzhe.buzz/Doc/FBG/webmail.php
malicious
https://jamesviewzzhe.buzz/Doc/FBG/images/landing-devices-bg.jpg
104.21.47.175
malicious
https://use.typekit.net/af/696cdf/00000000000000000000ec0a/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8
unknown
clean
https://a.nel.cloudflare.com/report/v3?s=6zegje6ArNw49T5kEePBFneU3c8Jl6dFw3uyY1Zea5xTOFLjKdAZMr5eyQk
unknown
clean
https://apis.google.com/js/client.js
unknown
clean
https://use.typekit.net/af/53dec0/0000000000000000000100fe/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8
unknown
clean
https://crash.corp.google.com/samples?reportid=&q=
unknown
clean
https://csp.withgoogle.com/csp/report-to/apps-themes
unknown
clean
https://page.adobespark-assets.com/runtime/1.22/images/left-arrow.png
13.224.96.6
clean
https://page.adobespark-assets.com/runtime/1.22/typekit-load.gz.js
13.224.96.6
clean
http://crls.pki.goog/gts1c3/QqFxbi9M48c.crl0
unknown
clean
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
unknown
clean
https://page.adobespark-assets.com/runtime/1.22/base-fonts.gz.js
13.224.96.6
clean
https://preprod-hangouts-googleapis.sandbox.google.com
unknown
clean
https://use.typekit.net/af/bf4171/00000000000000000000ec0d/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8
unknown
clean
http://pki.goog/repo/certs/gtsr1.der04
unknown
clean
https://www.google.com
unknown
clean
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
104.18.11.207
clean
https://use.typekit.net/af/180c9d/00000000000000003b9b3f8a/27/l?primer=7fa3915bdafdf03041871920a205b
unknown
clean
https://page.adobespark-assets.com/runtime/1.22/font-subgroup-kits/lato.gz.js
13.224.96.6
clean
https://hangouts.google.com/hangouts/_/logpref
unknown
clean
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.6/css/bootstrap.min.css:
unknown
clean
https://creativecommons.org/publicdomain/zero/1.0/.
unknown
clean
https://www.google.com/accounts/OAuthLogin?issueuberauth=1
unknown
clean
https://github.com/madler/zlib/blob/master/zlib.h
unknown
clean
https://use.typekit.net/onz5gap.js
unknown
clean
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.6/js/bootstrap.min.jsC
unknown
clean
https://www.google.com/tools/feedback
unknown
clean
https://cdnjs.cloudflare.com/
unknown
clean
https://dns.google
unknown
clean
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
unknown
clean
https://use.typekit.net/
unknown
clean
https://use.typekit.net/af/180254/00000000000000000001522c/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8
unknown
clean
https://support.google.com/chromecast/troubleshooter/2995236
unknown
clean
https://jamesviewzzhe.buzz/
unknown
clean
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions
unknown
clean
https://page.adobespark-assets.com/runtime/1.22/font-subgroup-kits/museo-slab.gz.js
13.224.96.6
clean
https://maxcdn.bootstrapcdn.com/
unknown
clean
https://jamesviewzzhe.buzz/Doc/FBGI
unknown
clean
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
172.217.16.142
clean
https://payments.google.com/payments/v4/js/integrator.js
unknown
clean
https://www.google.com;
unknown
clean
http://crl.pki.goog/gtsr1/gtsr1.crl0W
unknown
clean
https://jamesviewzzhe.buzz/Doc/FBGOne
unknown
clean
https://pki.goog/repository/0
unknown
clean
https://www.google.com/images/x2.gif
unknown
clean
https://jamesviewzzhe.buzz/Doc/FBG=
unknown
clean
https://www.google.com/images/dot2.gif
unknown
clean
https://page.adobespark-assets.com/runtime/1.22/images/right-arrow.png
13.224.96.6
clean
https://play.google.com/log?format=json&hasfast=true
unknown
clean
https://use.typekit.net/af/c225e2/000000000000000000011aff/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8
unknown
clean
http://tools.ietf.org/html/rfc1950
unknown
clean
https://use.typekit.net/af/37eaae/00000000000000003b9b3f83/27/l?primer=7fa3915bdafdf03041871920a205b
unknown
clean
https://page.adobespark-assets.com/runtime/1.22/runtime.gz.css
13.224.96.6
clean
http://jamesviewzzhe.buzz/Doc/FBG/.
unknown
clean
https://a.nel.cloudflare.com/report/v3?s=eKV3cFBniHpR3vzT1E1k3FO3cyXRlYp1sdd%2FLmr5hdvt5xqSHr9W2%2BF
unknown
clean
https://docs.google.com
unknown
clean
https://use.typekit.net/af/ea0e14/000000000000000000010141/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8
unknown
clean
https://www.google.com/
unknown
clean
https://feedback.googleusercontent.com
unknown
clean
https://use.typekit.net/af/efba8b/000000000000000000015236/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8
unknown
clean
http://jamesviewzzhe.buzz/Doc/FBG/One
unknown
clean
https://a.nel.cloudflare.com/report/v3?s=nV%2F924aZ5FYXNqA1KnYZ86CYjUBnvpjdDu%2Bcds87EaedNBVlrb2N6OyCLvs6HIEJZbRG2964uBsN5ZeIKszZZv0NsBsiOw85nq1rD%2BcJ3KLopBh%2FwHRrp%2FOSsAHh9dDJCKSOUpU%3D
35.190.80.1
clean
https://clients6.google.com
unknown
clean
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.6/css/bootstrap.min.css
104.18.11.207
clean
https://use.typekit.net/af/97fbd1/00000000000000003b9b3f88/27/l?primer=7fa3915bdafdf03041871920a205b
unknown
clean
http://crl.pki.goog/gsr1/gsr1.crl0;
unknown
clean
https://page.adobespark-assets.com/runtime/1.22/images/lightbox_close
unknown
clean
https://signup.live.com
unknown
clean
https://www.google.com/images/cleardot.gif
unknown
clean
https://play.google.com
unknown
clean
https://csp.withgoogle.com/csp/apps-themesCross-Origin-Resource-Policy:
unknown
clean
https://www.google.com/log?format=json&hasfast=true
unknown
clean
https://use.typekit.net/af/b0c5f5/00000000000000003b9b3f85/27/l?primer=7fa3915bdafdf03041871920a205b
unknown
clean
https://sandbox.google.com/payments/v4/js/integrator.js
unknown
clean
https://accounts.google.com/MergeSession
unknown
clean
https://clients2.googleusercontent.com/crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx
142.250.181.225
clean
http://jamesviewzzhe.buzz/Doc/FBG/CF-Cache-Status:
unknown
clean
https://page.adobespark-assets.com/runtime/1.22/images/favicon.ico
13.224.96.6
clean

Domains

Name
IP
Malicious
jamesviewzzhe.buzz
104.21.47.175
malicious
gstaticadssl.l.google.com
142.250.186.163
clean
a.nel.cloudflare.com
35.190.80.1
clean
accounts.google.com
142.250.184.205
clean
cdnjs.cloudflare.com
104.16.19.94
clean
express-prod.adobeprojectm.com
13.224.96.19
clean
maxcdn.bootstrapcdn.com
104.18.11.207
clean
clients.l.google.com
172.217.16.142
clean
page.adobespark-assets.com
13.224.96.6
clean
googlehosted.l.googleusercontent.com
142.250.181.225
clean
clients2.googleusercontent.com
unknown
clean
use.typekit.net
unknown
clean
clients2.google.com
unknown
clean
p.typekit.net
unknown
clean
code.jquery.com
unknown
clean

IPs

IP
Domain
Country
Malicious
104.21.47.175
jamesviewzzhe.buzz
United States
malicious
192.168.2.1
unknown
unknown
clean
13.224.96.19
express-prod.adobeprojectm.com
United States
clean
142.250.184.205
accounts.google.com
United States
clean
35.190.80.1
a.nel.cloudflare.com
United States
clean
172.217.16.142
clients.l.google.com
United States
clean
142.250.186.163
gstaticadssl.l.google.com
United States
clean
13.224.96.6
page.adobespark-assets.com
United States
clean
104.18.11.207
maxcdn.bootstrapcdn.com
United States
clean
142.250.181.225
googlehosted.l.googleusercontent.com
United States
clean
239.255.255.250
unknown
Reserved
clean
127.0.0.1
unknown
unknown
clean
104.16.19.94
cdnjs.cloudflare.com
United States
clean

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
S-1-5-21-3853321935-2125563209-4053062332-1002
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gdaefkejpgkiemlaofpalmlakkmbjdnl
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gfdkimpbcpahaombhbimeihdjnejgicl
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
kmendfapggjehodndflmmgagdbamhnfd
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mfehgcgbbipciphmccgaenjidiccnmng
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
neajdppkdcdipfabeoofebfddakdcjhd
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pkedcjkdefgpdelpbcmbmeomcjbeemfm
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
prefs.preference_reset_time
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gfdkimpbcpahaombhbimeihdjnejgicl
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
clean
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
clean
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
clean
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
clean
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
clean
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
software_reporter.reporting
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
module_blacklist_cache_md5_digest
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
media.storage_id_salt
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
google.services.last_account_id
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
google.services.account_id
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
software_reporter.prompt_seed
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
default_search_provider_data.template_url_data
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
safebrowsing.incidents_sent
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
pinned_tabs
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
search_provider_overrides
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
prefs.preference_reset_time
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
google.services.last_username
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
session.startup_urls
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
session.restore_on_startup
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
software_reporter.prompt_version
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
homepage
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
homepage_is_newtabpage
clean
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
browser.show_home_button
clean
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
clean
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
clean

Memdumps

Base Address
Regiontype
Protect
Malicious
1ED83213000
unkown
page read and write
clean
1ED8323D000
unkown
page read and write
clean
7FF56B3E4000
unkown image
page readonly
clean
7FF5E2583000
unkown image
page readonly
clean
23987440000
unkown
page readonly
clean
7FF5E1A7A000
unkown image
page readonly
clean
7FF5358CB000
unkown image
page readonly
clean
7DF5F02E2000
unkown image
page readonly
clean
21EBFBAC000
unkown
page read and write
clean
1ED8323B000
unkown
page read and write
clean
7DF5DA8E0000
unkown image
page readonly
clean
8D746FF000
stack
page read and write
clean
7FF5CCBDD000
unkown image
page readonly
clean
7DF53D052000
unkown image
page readonly
clean
2D3E5020000
heap default
page read and write
clean
7FF57CDDA000
unkown image
page readonly
clean
21EBFBB6000
unkown
page read and write
clean
2209D670000
unkown image
page readonly
clean
1ED83242000
unkown
page read and write
clean
7FF57CD10000
unkown image
page readonly
clean
7DF579302000
unkown image
page readonly
clean
7FF56B5D7000
unkown image
page readonly
clean
21EBFBBB000
unkown
page read and write
clean
7FF4F630D000
unkown image
page readonly
clean
7DF5E7DD2000
unkown image
page readonly
clean
7FF56B209000
unkown image
page readonly
clean
18E95740000
unkown
page read and write
clean
7DF402730000
unkown image
page readonly
clean
7DF58AA62000
unkown image
page readonly
clean
18E95000000
unkown
page read and write
clean
2D3E5213000
unkown
page read and write
clean
7FF5D9F6F000
unkown image
page readonly
clean
20D89760000
unkown
page read and write
clean
2D3E5802000
unkown
page read and write
clean
7FF57CD6D000
unkown image
page readonly
clean
21EBF0F0000
heap private
page read and write
clean
2209D85C000
unkown
page read and write
clean
21D67770000
unkown image
page readonly
clean
7FF5E2487000
unkown image
page readonly
clean
21EBF160000
unkown image
page readonly
clean
21D6784A000
unkown
page read and write
clean
7FF4F6B13000
unkown image
page readonly
clean
23986D40000
unkown image
page readonly
clean
1ED8325A000
unkown
page read and write
clean
2D3E4FC0000
heap private
page read and write
clean
21EC0100000
unkown
page read and write
clean
7FF53588D000
unkown image
page readonly
clean
7FF5CE581000
unkown image
page readonly
clean
8D743FB000
stack
page read and write
clean
21D67740000
heap private
page read and write
clean
7457177000
stack
page read and write
clean
21EBFBC8000
unkown
page read and write
clean
7FF56B51B000
unkown image
page readonly
clean
7FF5C68B7000
unkown image
page readonly
clean
7FF5C6F5D000
unkown image
page readonly
clean
21EC0002000
unkown
page read and write
clean
21EBF930000
unkown image
page write copy
clean
7FF5E2642000
unkown image
page readonly
clean
7DF5DA8D0000
unkown image
page readonly
clean
7FF5CCB8E000
unkown image
page readonly
clean
7FF52F2F3000
unkown image
page readonly
clean
7FF5358AE000
unkown image
page readonly
clean
7FF5DA15A000
unkown image
page readonly
clean
21EBFBBD000
unkown
page read and write
clean
7FF5C6FA3000
unkown image
page readonly
clean
7DF5435F2000
unkown image
page readonly
clean
7FF4F6BF5000
unkown image
page readonly
clean
7DF5F02E2000
unkown image
page readonly
clean
7DF543600000
unkown image
page readonly
clean
7FF5C6F21000
unkown image
page readonly
clean
7FF5E2586000
unkown image
page readonly
clean
18E9507B000
unkown
page read and write
clean
7FF5C6D46000
unkown image
page readonly
clean
7DF5DA8C0000
unkown image
page readonly
clean
7FF5CC8E5000
unkown image
page readonly
clean
2209D690000
unkown image
page readonly
clean
14EF5E50000
unkown image
page read and write
clean
7DF58AA50000
unkown image
page readonly
clean
20D88F70000
heap private
page read and write
clean
239865D5000
heap private
page read and write
clean
21D68002000
unkown
page read and write
clean
7FF52F35A000
unkown image
page readonly
clean
21D67750000
unkown image
page readonly
clean
21EBF24B000
unkown
page read and write
clean
20D89023000
unkown
page read and write
clean
1ED83246000
unkown
page read and write
clean
21D67CD0000
unkown image
page readonly
clean
7FF5357D5000
unkown image
page readonly
clean
7FF5E266A000
unkown image
page readonly
clean
7FF5CCB83000
unkown image
page readonly
clean
A4DBB7E000
stack
page read and write
clean
7DF53D040000
unkown image
page readonly
clean
7FF56B4AF000
unkown image
page readonly
clean
7FF5DA0DD000
unkown image
page readonly
clean
7FF5E2482000
unkown image
page readonly
clean
7FF57C664000
unkown image
page readonly
clean
239871E0000
unkown
page read and write
clean
7DF5E7DE0000
unkown image
page readonly
clean
7DF5D4CB2000
unkown image
page readonly
clean
7FF4F6B0D000
unkown image
page readonly
clean
21EBF4D0000
unkown image
page readonly
clean
21EBFBD6000
unkown
page read and write
clean
7456B8E000
stack
page read and write
clean
7FF5C6DAF000
unkown image
page readonly
clean
7FF57CA7E000
unkown image
page readonly
clean
EE9FBFB000
stack
page read and write
clean
7FF5C6F5A000
unkown image
page readonly
clean
7FF56B207000
unkown image
page readonly
clean
7FF52EC1E000
unkown image
page readonly
clean
21EBFB77000
unkown
page read and write
clean
21EC0102000
unkown
page read and write
clean
21EBFBD6000
unkown
page read and write
clean
7DF579312000
unkown image
page readonly
clean
21EBFB95000
unkown
page read and write
clean
7FF57CDC2000
unkown image
page readonly
clean
21EBF0E0000
unkown image
page read and write
clean
7FF56AF0E000
unkown image
page readonly
clean
21EBFBAC000
unkown
page read and write
clean
7FF5DA083000
unkown image
page readonly
clean
7FF5358FD000
unkown image
page readonly
clean
2D3E5110000
unkown image
page readonly
clean
7FF56B5C0000
unkown image
page readonly
clean
7DF5DA8D2000
unkown image
page readonly
clean
3A7078F000
stack
page read and write
clean
21EBF313000
unkown
page read and write
clean
1ED83050000
unkown image
page readonly
clean
7FF56B562000
unkown image
page readonly
clean
D83AB7E000
stack
page read and write
clean
2D3E5273000
unkown
page read and write
clean
7FF56B679000
unkown image
page readonly
clean
2209D83C000
unkown
page read and write
clean
7FF57CDEA000
unkown image
page readonly
clean
A4DB97B000
stack
page read and write
clean
2D3E5400000
unkown image
page readonly
clean
21EBFBBD000
unkown
page read and write
clean
7FF56B597000
unkown image
page readonly
clean
7FF5E257F000
unkown image
page readonly
clean
14EF5CD0000
unkown image
page readonly
clean
21D67730000
unkown image
page read and write
clean
21EBF255000
unkown
page read and write
clean
18E95100000
unkown
page read and write
clean
21EBFB00000
unkown
page read and write
clean
21EBF130000
unkown image
page readonly
clean
7FF5C6DD6000
unkown image
page readonly
clean
7FF56B181000
unkown image
page readonly
clean
1ED83400000
unkown image
page readonly
clean
21EBFB8A000
unkown
page read and write
clean
7FF5D9F30000
unkown image
page readonly
clean
7FF53597A000
unkown image
page readonly
clean
7FF52F333000
unkown image
page readonly
clean
7FF56B4F5000
unkown image
page readonly
clean
7FF56B521000
unkown image
page readonly
clean
7DF5E7DC2000
unkown image
page readonly
clean
2209D7C0000
unkown
page read and write
clean
7DF5D4CD0000
unkown image
page readonly
clean
239874B0000
unkown
page read and write
clean
D6CBFFE000
stack
page read and write
clean
7FF53596A000
unkown image
page readonly
clean
239871F0000
unkown
page read and write
clean
14EF6140000
heap private
page read and write
clean
14EF5EC0000
heap default
page read and write
clean
2D3E5313000
unkown
page read and write
clean
7FF5DA080000
unkown image
page readonly
clean
21EBF252000
unkown
page read and write
clean
7FF535889000
unkown image
page readonly
clean
18E94FE0000
heap default
page read and write
clean
3A70BFF000
stack
page read and write
clean
7FF52F3B9000
unkown image
page readonly
clean
7FF53588F000
unkown image
page readonly
clean
18E95102000
unkown
page read and write
clean
D83A87D000
stack
page read and write
clean
7DF53D042000
unkown image
page readonly
clean
7DF53D050000
unkown image
page readonly
clean
14EF5DE0000
unkown
page read and write
clean
7DF58AA52000
unkown image
page readonly
clean
7FF56B6A0000
unkown image
page readonly
clean
7FF5E1A66000
unkown image
page readonly
clean
21EBF2BE000
unkown
page read and write
clean
D839ECC000
unkown
page read and write
clean
7DF5F02F0000
unkown image
page readonly
clean
21EC0163000
unkown
page read and write
clean
7FF57CD27000
unkown image
page readonly
clean
D6CBB1B000
unkown
page read and write
clean
7DF53D052000
unkown image
page readonly
clean
21EBFBCD000
unkown
page read and write
clean
2209D670000
unkown image
page readonly
clean
2D3E51F0000
unkown
page read and write
clean
2209D87C000
unkown
page read and write
clean
7FF5E24DC000
unkown image
page readonly
clean
21D67850000
unkown
page read and write
clean
7FF56B46D000
unkown image
page readonly
clean
1ED83780000
unkown image
page readonly
clean
2209D902000
unkown
page read and write
clean
7DF58AA62000
unkown image
page readonly
clean
7DF504860000
unkown image
page readonly
clean
7FF5CCBB3000
unkown image
page readonly
clean
7DF5D4CC0000
unkown image
page readonly
clean
14EF5ED6000
unkown
page read and write
clean
21EBF1F0000
unkown
page read and write
clean
1ED83030000
unkown image
page readonly
clean
D83A97F000
stack
page read and write
clean
14EF6150000
unkown image
page readonly
clean
2209D650000
unkown image
page read and write
clean
7DF5F02F0000
unkown image
page readonly
clean
21EBFB9B000
unkown
page read and write
clean
7FF5E25CE000
unkown image
page readonly
clean
18E952D0000
unkown image
page readonly
clean
7DF5435E2000
unkown image
page readonly
clean
7FF5C6DEF000
unkown image
page readonly
clean
7FF5E2654000
unkown image
page readonly
clean
7DF579310000
unkown image
page readonly
clean
8D73FAB000
unkown
page read and write
clean
7FF56B5A9000
unkown image
page readonly
clean
14EF5ED7000
heap default
page read and write
clean
2209D913000
unkown
page read and write
clean
7FF4F6B7A000
unkown image
page readonly
clean
7FF535801000
unkown image
page readonly
clean
7FF535981000
unkown image
page readonly
clean
1ED83202000
unkown
page read and write
clean
7FF56B5F3000
unkown image
page readonly
clean
2209D829000
unkown
page read and write
clean
23986BC0000
unkown image
page readonly
clean
7FF5D9FE5000
unkown image
page readonly
clean
1ED83200000
unkown
page read and write
clean
18E95088000
unkown
page read and write
clean
7DF5E7DE0000
unkown image
page readonly
clean
21EBF150000
heap default
page read and write
clean
7FF56B3F1000
unkown image
page readonly
clean
21EBFA02000
unkown
page read and write
clean
21EBF213000
unkown
page read and write
clean
7FF56B325000
unkown image
page readonly
clean
D83A47F000
stack
page read and write
clean
21D677B0000
unkown image
page readonly
clean
7FF57CD13000
unkown image
page readonly
clean
21EBF850000
unkown image
page readonly
clean
20D89000000
unkown
page read and write
clean
7DF5F02D2000
unkown image
page readonly
clean
21EBFB78000
unkown
page read and write
clean
23986631000
unkown
page read and write
clean
2D3E5200000
unkown
page read and write
clean
EE9F7CB000
unkown
page read and write
clean
3A7070A000
unkown
page read and write
clean
21D67829000
unkown
page read and write
clean
7FF4F6BFA000
unkown image
page readonly
clean
C6C2DFE000
stack
page read and write
clean
7FF56B3FF000
unkown image
page readonly
clean
20D89102000
unkown
page read and write
clean
7FF56B5C3000
unkown image
page readonly
clean
7FF56B426000
unkown image
page readonly
clean
7FF52F3B2000
unkown image
page readonly
clean
7DF5DA8C2000
unkown image
page readonly
clean
2209E002000
unkown
page read and write
clean
7FF4F6B2E000
unkown image
page readonly
clean
7FF52F32B000
unkown image
page readonly
clean
23986500000
unkown image
page readonly
clean
7FF535461000
unkown image
page readonly
clean
21D677D0000
unkown
page read and write
clean
7DF488920000
unkown image
page readonly
clean
18E94F70000
unkown image
page read and write
clean
18E94FC0000
unkown image
page readonly
clean
7FF5E2671000
unkown image
page readonly
clean
7FF57CD03000
unkown image
page readonly
clean
7FF5CCC51000
unkown image
page readonly
clean
7FF5358D3000
unkown image
page readonly
clean
7DF5D4CB0000
unkown image
page readonly
clean
7FF56B672000
unkown image
page readonly
clean
7FF57CCE7000
unkown image
page readonly
clean
A4DB6FE000
stack
page read and write
clean
7DF4771D0000
unkown image
page readonly
clean
2209D802000
unkown
page read and write
clean
D6CBF79000
stack
page read and write
clean
7FF5DA0BE000
unkown image
page readonly
clean
2D3E5000000
unkown image
page readonly
clean
7FF56B5AF000
unkown image
page readonly
clean
23986570000
unkown
page read and write
clean
7FF52F35D000
unkown image
page readonly
clean
21EBFB61000
unkown
page read and write
clean
14EF5CF0000
unkown image
page readonly
clean
21D67750000
unkown image
page readonly
clean
21EBF316000
unkown
page read and write
clean
7FF5CCC32000
unkown image
page readonly
clean
D6CC079000
stack
page read and write
clean
7DF4D8790000
unkown image
page readonly
clean
7FF53574D000
unkown image
page readonly
clean
2D3E5202000
unkown
page read and write
clean
C6C29FE000
stack
page read and write
clean
7FF56B68A000
unkown image
page readonly
clean
21EBF302000
unkown
page read and write
clean
7FF57CCFF000
unkown image
page readonly
clean
20D89650000
unkown image
page readonly
clean
7FF5E1A75000
unkown image
page readonly
clean
7FF5C6FCA000
unkown image
page readonly
clean
21EBF2A6000
unkown
page read and write
clean
7FF5358A7000
unkown image
page readonly
clean
A4DB39B000
unkown
page read and write
clean
1ED8324E000
unkown
page read and write
clean
7FF4F6BEA000
unkown image
page readonly
clean
1ED83232000
unkown
page read and write
clean
51D0CFE000
stack
page read and write
clean
18E9505E000
unkown
page read and write
clean
51D10FE000
stack
page read and write
clean
20D88F80000
unkown image
page readonly
clean
7FF5DA0DA000
unkown image
page readonly
clean
7FF5DA161000
unkown image
page readonly
clean
7FF4F691A000
unkown image
page readonly
clean
7DF504880000
unkown image
page readonly
clean
D6CBEFA000
stack
page read and write
clean
21D6784E000
unkown
page read and write
clean
7FF57CC75000
unkown image
page readonly
clean
7FF5CCB6D000
unkown image
page readonly
clean
14EF6145000
heap private
page read and write
clean
23986631000
unkown
page read and write
clean
7FF4F6BE4000
unkown image
page readonly
clean
7FF5C6E3B000
unkown image
page readonly
clean
21EBF2B0000
unkown
page read and write
clean
7FF4F6BF1000
unkown image
page readonly
clean
7456B0B000
unkown
page read and write
clean
20D88F80000
unkown image
page readonly
clean
2209DA00000
unkown image
page readonly
clean
7FF56B684000
unkown image
page readonly
clean
21EBF250000
unkown
page read and write
clean
21EBF24C000
unkown
page read and write
clean
14EF5ED2000
unkown
page read and write
clean
C6C287C000
stack
page read and write
clean
7DF579300000
unkown image
page readonly
clean
20D89013000
unkown
page read and write
clean
7FF5351EE000
unkown image
page readonly
clean
2D3E5100000
unkown image
page readonly
clean
7FF5DA144000
unkown image
page readonly
clean
21EBFB9B000
unkown
page read and write
clean
21EBFBBB000
unkown
page read and write
clean
7FF5C6F63000
unkown image
page readonly
clean
7DF5435E0000
unkown image
page readonly
clean
7FF52F3D5000
unkown image
page readonly
clean
7DF5DA8E0000
unkown image
page readonly
clean
7DF579302000
unkown image
page readonly
clean
7FF5E1A6F000
unkown image
page readonly
clean
23986550000
unkown
page read and write
clean
1ED8327E000
unkown
page read and write
clean
239867B0000
unkown
page read and write
clean
7FF56B470000
unkown image
page readonly
clean
2D3E4FD0000
unkown image
page readonly
clean
21EBF25A000
unkown
page read and write
clean
7DF579312000
unkown image
page readonly
clean
7FF4F6BD2000
unkown image
page readonly
clean
7FF56B277000
unkown image
page readonly
clean
7FF57CCFD000
unkown image
page readonly
clean
21EBF221000
unkown
page read and write
clean
7FF5358A3000
unkown image
page readonly
clean
7FF5E1D40000
unkown image
page readonly
clean
7FF56B57E000
unkown image
page readonly
clean
18E95113000
unkown
page read and write
clean
7FF5E2593000
unkown image
page readonly
clean
7DF5435F0000
unkown image
page readonly
clean
7FF56B5CE000
unkown image
page readonly
clean
7DF4EE1A0000
unkown image
page readonly
clean
7FF4F6BD9000
unkown image
page readonly
clean
7FF5357DB000
unkown image
page readonly
clean
A4DBC78000
stack
page read and write
clean
7FF4F6B77000
unkown image
page readonly
clean
7FF535893000
unkown image
page readonly
clean
21EBFBCD000
unkown
page read and write
clean
7DF5F02D0000
unkown image
page readonly
clean
21EBFB7C000
unkown
page read and write
clean
1ED83284000
unkown
page read and write
clean
7FF5CCC61000
unkown image
page readonly
clean
7FF56B57A000
unkown image
page readonly
clean
21EBFB50000
unkown
page read and write
clean
14EF5CB0000
unkown image
page read and write
clean
21EBFB84000
unkown
page read and write
clean
21EBFBC2000
unkown
page read and write
clean
2D3E5780000
unkown image
page readonly
clean
23986654000
unkown
page read and write
clean
7DF504872000
unkown image
page readonly
clean
7FF5C6FC7000
unkown image
page readonly
clean
7FF5E257D000
unkown image
page readonly
clean
239865D0000
heap private
page read and write
clean
7FF535706000
unkown image
page readonly
clean
2D3E4FD0000
unkown image
page readonly
clean
1ED83258000
unkown
page read and write
clean
21EC0102000
unkown
page read and write
clean
7FF5358F7000
unkown image
page readonly
clean
20D89002000
unkown
page read and write
clean
7FF56B4B7000
unkown image
page readonly
clean
7FF57CA75000
unkown image
page readonly
clean
2D3E5268000
unkown
page read and write
clean
7FF5DA161000
unkown image
page readonly
clean
7FF4F6B5E000
unkown image
page readonly
clean
18E95650000
unkown image
page readonly
clean
7FF57C8D1000
unkown image
page readonly
clean
21D67902000
unkown
page read and write
clean
21EBF256000
unkown
page read and write
clean
7FF5CCBDA000
unkown image
page readonly
clean
7FF5D9EE6000
unkown image
page readonly
clean
7FF56B69A000
unkown image
page readonly
clean
7DF58AA60000
unkown image
page readonly
clean
7FF56B01C000
unkown image
page readonly
clean
7DF5D4CD0000
unkown image
page readonly
clean
21EBFBBD000
unkown
page read and write
clean
18E94FF0000
unkown image
page readonly
clean
7FF5358B7000
unkown image
page readonly
clean
7DF5F02E0000
unkown image
page readonly
clean
1ED83248000
unkown
page read and write
clean
21EBF249000
unkown
page read and write
clean
18E95013000
unkown
page read and write
clean
21D67880000
unkown
page read and write
clean
7DF5E7DC2000
unkown image
page readonly
clean
7FF52F33E000
unkown image
page readonly
clean
21EBFB8A000
unkown
page read and write
clean
21EBFB8C000
unkown
page read and write
clean
1ED83600000
unkown image
page readonly
clean
7FF56B4FB000
unkown image
page readonly
clean
7FF56B3AB000
unkown image
page readonly
clean
7DF579320000
unkown image
page readonly
clean
14EF5CD0000
unkown image
page readonly
clean
21EBFB9B000
unkown
page read and write
clean
21EBFB73000
unkown
page read and write
clean
51D0C7C000
unkown
page read and write
clean
A4DC0FF000
stack
page read and write
clean
1ED8325F000
unkown
page read and write
clean
7FF4F6AC2000
unkown image
page readonly
clean
14EF5E40000
unkown image
page readonly
clean
21EBF271000
unkown
page read and write
clean
7FF5358DE000
unkown image
page readonly
clean
7FF4F6B53000
unkown image
page readonly
clean
7DF5DA8D0000
unkown image
page readonly
clean
7FF56B61D000
unkown image
page readonly
clean
21D67802000
unkown
page read and write
clean
7DF4E5C90000
unkown image
page readonly
clean
7FF5C6F73000
unkown image
page readonly
clean
7FF5DA097000
unkown image
page readonly
clean
7FF5C6FAE000
unkown image
page readonly
clean
21EBF25B000
unkown
page read and write
clean
D83A57C000
stack
page read and write
clean
14EF6350000
unkown image
page readonly
clean
7DF5E7DC0000
unkown image
page readonly
clean
7FF5E2649000
unkown image
page readonly
clean
21EBFB9B000
unkown
page read and write
clean
21EBFBC8000
unkown
page read and write
clean
7FF5DA0D7000
unkown image
page readonly
clean
7FF4F68B7000
unkown image
page readonly
clean
2D3E5600000
unkown image
page readonly
clean
18E94F80000
heap private
page read and write
clean
7FF52F3C4000
unkown image
page readonly
clean
7DF5435E0000
unkown image
page readonly
clean
21EBFBBE000
unkown
page read and write
clean
7FF5CC8E9000
unkown image
page readonly
clean
20D894D0000
unkown image
page readonly
clean
7FF5C6F47000
unkown image
page readonly
clean
21EBF6D0000
unkown image
page readonly
clean
2D3E5302000
unkown
page read and write
clean
23986658000
unkown
page read and write
clean
7FF4F6B23000
unkown image
page readonly
clean
7FF56B274000
unkown image
page readonly
clean
7FF53576B000
unkown image
page readonly
clean
7FF5DA073000
unkown image
page readonly
clean
7FF4F6B0F000
unkown image
page readonly
clean
A4DBEFA000
stack
page read and write
clean
23987430000
unkown
page read and write
clean
21EBF24D000
unkown
page read and write
clean
C6C2C7D000
stack
page read and write
clean
1ED83060000
unkown image
page readonly
clean
7FF5D9F2D000
unkown image
page readonly
clean
21D67908000
unkown
page read and write
clean
2209D862000
unkown
page read and write
clean
7FF5351F4000
unkown image
page readonly
clean
7FF57CBDB000
unkown image
page readonly
clean
20D88FA0000
unkown image
page readonly
clean
21EBFBAC000
unkown
page read and write
clean
7FF57CD4E000
unkown image
page readonly
clean
21EBFB19000
unkown
page read and write
clean
7FF5E25BB000
unkown image
page readonly
clean
1ED83160000
unkown image
page readonly
clean
7FF52F3E1000
unkown image
page readonly
clean
21D67900000
unkown
page read and write
clean
7FF52F3DA000
unkown image
page readonly
clean
2D3E5275000
unkown
page read and write
clean
21D67AD0000
unkown image
page readonly
clean
2209D660000
heap private
page read and write
clean
7FF56B5C7000
unkown image
page readonly
clean
21EBFBC2000
unkown
page read and write
clean
7FF56B455000
unkown image
page readonly
clean
20D89051000
unkown
page read and write
clean
1ED8326D000
unkown
page read and write
clean
7FF57C65E000
unkown image
page readonly
clean
7FF5358A0000
unkown image
page readonly
clean
21EC006A000
unkown
page read and write
clean
1ED83A02000
unkown
page read and write
clean
7FF4F6986000
unkown image
page readonly
clean
7FF5E2665000
unkown image
page readonly
clean
7FF5C703A000
unkown image
page readonly
clean
7DF5435E2000
unkown image
page readonly
clean
7FF5CE581000
unkown image
page readonly
clean
7DF543600000
unkown image
page readonly
clean
7FF4F6C01000
unkown image
page readonly
clean
7DF5E7DD0000
unkown image
page readonly
clean
7FF52F3CA000
unkown image
page readonly
clean
7DF4D2B80000
unkown image
page readonly
clean
21EC0002000
unkown
page read and write
clean
7FF57CBA1000
unkown image
page readonly
clean
21EBFBA2000
unkown
page read and write
clean
21EBFBBF000
unkown
page read and write
clean
7FF52F30E000
unkown image
page readonly
clean
7FF5DA132000
unkown image
page readonly
clean
7FF56B367000
unkown image
page readonly
clean
21EBFB90000
unkown
page read and write
clean
A4DB67E000
stack
page read and write
clean
20D8903D000
unkown
page read and write
clean
7FF5E1EF9000
unkown image
page readonly
clean
2209D888000
unkown
page read and write
clean
8D742FE000
stack
page read and write
clean
7FF56B617000
unkown image
page readonly
clean
7FF56B551000
unkown image
page readonly
clean
21D67780000
unkown image
page readonly
clean
21D67860000
unkown
page read and write
clean
1ED8325C000
unkown
page read and write
clean
745707B000
stack
page read and write
clean
21EBFBBF000
unkown
page read and write
clean
7DF5DA8C2000
unkown image
page readonly
clean
7FF535964000
unkown image
page readonly
clean
7FF56B48B000
unkown image
page readonly
clean
7FF56B6A1000
unkown image
page readonly
clean
D83AC7F000
stack
page read and write
clean
7FF57CD43000
unkown image
page readonly
clean
14EF5EEE000
unkown
page read and write
clean
239865E0000
heap default
page read and write
clean
1ED83266000
unkown
page read and write
clean
2209D85E000
unkown
page read and write
clean
21EBFB9B000
unkown
page read and write
clean
7FF56B5FE000
unkown image
page readonly
clean
7FF5E2671000
unkown image
page readonly
clean
7FF5D9FE1000
unkown image
page readonly
clean
21D6788B000
unkown
page read and write
clean
21EBF2EE000
unkown
page read and write
clean
1ED8325E000
unkown
page read and write
clean
7FF57CD3B000
unkown image
page readonly
clean
7DF53D050000
unkown image
page readonly
clean
7FF52F2F6000
unkown image
page readonly
clean
1ED83080000
heap default
page read and write
clean
7FF535605000
unkown image
page readonly
clean
7DF5D4CB0000
unkown image
page readonly
clean
21EBFB77000
unkown
page read and write
clean
21EBF1F0000
unkown
page read and write
clean
D83A77D000
stack
page read and write
clean
21EC006A000
unkown
page read and write
clean
20D89760000
unkown
page read and write
clean
7DF5F02D0000
unkown image
page readonly
clean
21D6783C000
unkown
page read and write
clean
7FF5C6F5F000
unkown image
page readonly
clean
20D88FD0000
heap default
page read and write
clean
20D89033000
unkown
page read and write
clean
7FF4F6B27000
unkown image
page readonly
clean
1ED8327B000
unkown
page read and write
clean
18E95052000
unkown
page read and write
clean
2209D864000
unkown
page read and write
clean
7456F7C000
stack
page read and write
clean
14EF64D0000
unkown image
page readonly
clean
7DF5E7DD2000
unkown image
page readonly
clean
21D67871000
unkown
page read and write
clean
20D88FE0000
unkown image
page readonly
clean
7FF52F307000
unkown image
page readonly
clean
7FF5E25ED000
unkown image
page readonly
clean
1ED83240000
unkown
page read and write
clean
21EBFBBD000
unkown
page read and write
clean
2209D813000
unkown
page read and write
clean
2209DC00000
unkown image
page readonly
clean
51D0FFE000
stack
page read and write
clean
7DF5435F2000
unkown image
page readonly
clean
7FF56B5AD000
unkown image
page readonly
clean
21EBF120000
unkown image
page readonly
clean
21EBF229000
unkown
page read and write
clean
7FF535981000
unkown image
page readonly
clean
7FF535877000
unkown image
page readonly
clean
7FF5E240A000
unkown image
page readonly
clean
D83AD7F000
stack
page read and write
clean
7FF57CC45000
unkown image
page readonly
clean
A4DBDFE000
stack
page read and write
clean
7FF57CDF1000
unkown image
page readonly
clean
7DF43AF10000
unkown image
page readonly
clean
7FF57CD1E000
unkown image
page readonly
clean
21EBFB83000
unkown
page read and write
clean
7FF5CCBBE000
unkown image
page readonly
clean
3A70C7C000
stack
page read and write
clean
21D67913000
unkown
page read and write
clean
21EC0002000
unkown
page read and write
clean
18E95064000
unkown
page read and write
clean
21EBF2C5000
unkown
page read and write
clean
7FF57CC71000
unkown image
page readonly
clean
2209D6C0000
heap default
page read and write
clean
7FF5357FB000
unkown image
page readonly
clean
D6CC0FF000
stack
page read and write
clean
21EBFB75000
unkown
page read and write
clean
7FF56B405000
unkown image
page readonly
clean
2209D860000
unkown
page read and write
clean
23986649000
heap default
page read and write
clean
7FF5E265A000
unkown image
page readonly
clean
18E94F90000
unkown image
page readonly
clean
7FF5E25C2000
unkown image
page readonly
clean
20D89802000
unkown
page read and write
clean
7DF5D4CB2000
unkown image
page readonly
clean
21EBFB88000
unkown
page read and write
clean
18E95029000
unkown
page read and write
clean
1ED8326B000
unkown
page read and write
clean
7DF53D060000
unkown image
page readonly
clean
14EF5EEE000
unkown
page read and write
clean
7FF57CD17000
unkown image
page readonly
clean
7FF5DA0B3000
unkown image
page readonly
clean
7FF57CC5C000
unkown image
page readonly
clean
7FF52F2ED000
unkown image
page readonly
clean
EE9FFFE000
stack
page read and write
clean
7FF57CDE1000
unkown image
page readonly
clean
1ED83229000
unkown
page read and write
clean
18E9503C000
unkown
page read and write
clean
7DF504870000
unkown image
page readonly
clean
7FF57CBC0000
unkown image
page readonly
clean
21EBF2FD000
unkown
page read and write
clean
23986618000
heap default
page read and write
clean
7FF57CBBD000
unkown image
page readonly
clean
21EBF980000
unkown image
page read and write
clean
7FF535467000
unkown image
page readonly
clean
7FF4F6B58000
unkown image
page readonly
clean
23986D50000
unkown image
page readonly
clean
21D67813000
unkown
page read and write
clean
745727F000
stack
page read and write
clean
1ED83245000
unkown
page read and write
clean
7FF56B61A000
unkown image
page readonly
clean
2209D900000
unkown
page read and write
clean
239865F0000
heap default
page read and write
clean
21EBF2D7000
unkown
page read and write
clean
239865E8000
heap default
page read and write
clean
20D89760000
unkown
page read and write
clean
7FF57C8D7000
unkown image
page readonly
clean
7FF4F6AF7000
unkown image
page readonly
clean
7FF5C6F3E000
unkown image
page readonly
clean
7FF4F6B7D000
unkown image
page readonly
clean
7FF535805000
unkown image
page readonly
clean
7FF5C6DF4000
unkown image
page readonly
clean
7FF56B007000
unkown image
page readonly
clean
21EBF2A6000
unkown
page read and write
clean
7FF52F2EF000
unkown image
page readonly
clean
7FF5CCB80000
unkown image
page readonly
clean
7FF52F303000
unkown image
page readonly
clean
7FF5D9F4B000
unkown image
page readonly
clean
21EBF308000
unkown
page read and write
clean
2D3E5268000
unkown
page read and write
clean
2D3E525B000
unkown
page read and write
clean
7FF5DA069000
unkown image
page readonly
clean
7FF5C6F77000
unkown image
page readonly
clean

DOM / HTML

URL
Malicious
https://express.adobe.com/page/hkJAopeNt4zI5/
malicious
https://express.adobe.com/page/hkJAopeNt4zI5/?page-mode=static
malicious
https://jamesviewzzhe.buzz/Doc/FBG/
malicious
https://express.adobe.com/page/hkJAopeNt4zI5/images/9c33b71b-d8e1-48aa-95bd-59e31eefc1b6.jpg?asset_id=4dc86fc4-4724-4bf8-b092-15cad3c1c328&img_etag=%22d98521c635c8945cfcf964fa541e10ae%22&size=1024
clean
https://jamesviewzzhe.buzz/Doc/FBG/office.php
clean
https://jamesviewzzhe.buzz/Doc/FBG/microsoft.php
clean
https://jamesviewzzhe.buzz/Doc/FBG/webmail.php
clean