IOC Report
file.exe

loading gif

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
 malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\DocumentsJJJJKEHCAK.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\ProgramData\AEBAFBGIDHCBFHIECFCB
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\CFCGIIEH
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\EHDBGDHDAECBGDHJKFIDGCBFBK
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\FCBFBGDB
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
dropped
C:\ProgramData\GHDHDGHJEBGIDGDGIJJK
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\GHJJDGHCBGDHIECBGIDA
ASCII text, with very long lines (1743), with CRLF line terminators
dropped
C:\ProgramData\KKECBFCGIEGCBGCAECGCBAKECB
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\1fb6db43-cbea-413f-aea2-01444ece3afd.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\43c3b10c-cb43-4afa-b844-51e869456b49.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\6c75158d-7bd0-4599-95e7-3d5f7539fdf2.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\7c5ece53-89dc-4e48-9719-2ba7ec1fe664.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\867affdc-ca32-4060-975d-937538587e9f.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\d06b08ea-2957-4121-a871-f6ad4c03896b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67327020-1F88.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\022fe366-a43f-4d98-9fb0-9f11374f0fc1.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\076754b8-e2d7-4205-bf78-41dd57fc20b3.tmp
Unicode text, UTF-8 text, with very long lines (14616), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\5541bb02-a76c-40a5-8ead-28af34d2d89a.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\63c666f8-705b-40c4-8b61-d07dea2b3a6e.tmp
Unicode text, UTF-8 text, with very long lines (13674), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\75a4f5de-7c2e-4dd6-9d00-c2bf40153ab0.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\80fb2982-f0fa-4d15-82e3-3fd42d2e7199.tmp
Unicode text, UTF-8 text, with very long lines (14451), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\1f069596-4049-483d-8670-b18839b57861.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\318c478f-80d1-40e3-9216-f8ad7b0fca68.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\3ea8bf75-6ca9-4867-8761-ee3a340574bb.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\511315ff-c603-4fc1-a03a-c01c03fcfa4f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\598d5c0d-0ff8-49f7-ba05-3b94a6738f9c.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF376f6.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF38f02.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF394ee.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\ed9551c0-16ce-43ac-ae59-e3419c50384f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
Unicode text, UTF-8 text, with very long lines (13674), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3b44d.TMP (copy)
Unicode text, UTF-8 text, with very long lines (13674), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3fca1.TMP (copy)
Unicode text, UTF-8 text, with very long lines (13674), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF471d1.TMP (copy)
Unicode text, UTF-8 text, with very long lines (13674), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF3b19e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF3da63.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13375832355194661
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\1cb8e3d5-f6a5-4685-acc7-03d5baef9e8f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\59637599-c612-452f-88c5-781452d5ba65.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\69984c23-9eaf-405d-a033-b1f1fd966932.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\6c5ea31b-4611-4dc0-9c89-bb74fffe4f6b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF38f02.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF394ee.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\bb02eb6f-f42a-4b88-a9bb-22db9f70cd6c.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\f2e953fa-7c87-4a5a-8191-8e12b53418d0.tmp
Unicode text, UTF-8 text, with very long lines (14616), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF35ebb.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF35ef9.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF360de.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF38780.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF471a2.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4cf43.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\cfd2beb1-6e37-47d2-93da-98f5b8437714.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ee5a4d79-c851-4118-8527-6439a1a2a636.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\1a1a96af-e16e-4be0-9146-59b876de36d4.tmp
PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\5b164f54-cb03-4263-9acb-9f0d040128f5.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\67208bfc-ad9a-4667-9c9e-2b7d5b6ee92a.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\7dc9915d-8b45-4e36-84c8-6c65da5e2b68.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\8c614a3c-a298-4a70-abf7-6c27b549a987.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\9edbd9a6-3220-4626-a114-9c4aeeee79c1.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41900
dropped
C:\Users\user\AppData\Local\Temp\bbdb9d62-1383-4fe1-b301-595f8f3f0570.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\67208bfc-ad9a-4667-9c9e-2b7d5b6ee92a.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (3700)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\page_embed_script.js
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1181229178\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (3705)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1615171256\7dc9915d-8b45-4e36-84c8-6c65da5e2b68.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1615171256\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1615171256\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1615171256\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1615171256\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 11 19:59:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 11 19:59:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 11 19:59:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 11 19:59:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 11 19:59:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm
data
dropped
C:\Windows\Tasks\skotes.job
data
dropped
Chrome Cache Entry: 480
ASCII text, with very long lines (762)
downloaded
Chrome Cache Entry: 481
ASCII text
downloaded
Chrome Cache Entry: 482
ASCII text, with very long lines (2586)
downloaded
Chrome Cache Entry: 483
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 484
ASCII text, with very long lines (1302)
downloaded
Chrome Cache Entry: 485
ASCII text, with very long lines (5162), with no line terminators
downloaded
Chrome Cache Entry: 486
SVG Scalable Vector Graphics image
downloaded
There are 278 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
 malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
 malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2136,i,12775639409144419553,11993991066039672041,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
 malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2240,i,7192631829384180854,10696300089075255857,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=2124,i,14936426650964457149,4494918170705604154,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4440 --field-trial-handle=2124,i,14936426650964457149,4494918170705604154,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7404 --field-trial-handle=2124,i,14936426650964457149,4494918170705604154,262144 /prefetch:8
malicious
C:\Users\user\DocumentsJJJJKEHCAK.exe
"C:\Users\user\DocumentsJJJJKEHCAK.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
 malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7404 --field-trial-handle=2124,i,14936426650964457149,4494918170705604154,262144 /prefetch:8
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsJJJJKEHCAK.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
There are 5 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://185.215.113.206/68b591d6548ec281/softokn3.dll
185.215.113.206
https://duckduckgo.com/chrome_newtab
unknown
https://c.msn.com/
unknown
https://duckduckgo.com/ac/?q=
unknown
http://185.215.113.206/
185.215.113.206
http://www.broofa.com
unknown
https://ntp.msn.com/0
unknown
https://ntp.msn.com/_default
unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731358764074&w=0&anoncknm=app_anon&NoResponseBody=true
104.208.16.90
https://deff.nelreports.net/api/report?cat=msn
unknown
https://ntp.msn.cn/edge/ntp
unknown
https://aefd.nelreports.net/api/report?cat=bingcsp
unknown
https://sb.scorecardresearch.com/
unknown
https://deff.nelreports.net/api/report
unknown
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
unknown
https://docs.google.com/
unknown
https://deff.nelreports.net/api/report?cat=msnw
unknown
http://185.215.113.206/c4becf79229cb002.phpation
unknown
http://185.215.113.206/68b591d6548ec281/freebl3.dll
185.215.113.206
https://drive.google.com/
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731358764065&w=0&anoncknm=app_anon&NoResponseBody=true
104.208.16.90
http://185.215.113.206/68b591d6548ec281/nss3.dll
185.215.113.206
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
142.250.185.100
https://unitedstates4.ss.wd.microsoft.us/
unknown
http://www.mozilla.com/en-US/blocklist/
unknown
https://mozilla.org0/
unknown
http://185.215.113.206/68b591d6548ec281/nss3.dlli
unknown
https://drive-daily-2.corp.google.com/
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731358760996&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true
104.208.16.90
https://drive-daily-4.corp.google.com/
unknown
https://srtb.msn.com/
unknown
https://unitedstates1.ss.wd.microsoft.us/
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731358764822&w=0&anoncknm=app_anon&NoResponseBody=true
104.208.16.90
https://www.ecosia.org/newtab/
unknown
https://drive-daily-1.corp.google.com/
unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
unknown
http://185.215.113.206/c4becf79229cb002.php2
unknown
http://185.215.113.206/c4becf79229cb002.php7
unknown
https://drive-daily-5.corp.google.com/
unknown
https://plus.google.com
unknown
https://play.google.com/log?format=json&hasfast=true
142.250.185.110
https://bzib.nelreports.net/api/report?cat=bingbusiness
unknown
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll)
unknown
https://www.google.com/chrome
unknown
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0
216.58.206.46
https://www.msn.com/web-notification-icon-light.png
unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
unknown
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
unknown
https://assets2.msn.com
unknown
https://chromewebstore.google.com/
unknown
https://drive-preprod.corp.google.com/
unknown
https://srtb.msn.cn/
unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
unknown
https://msn.comXIDv10
unknown
https://chrome.google.com/webstore/
unknown
https://unitedstates2.ss.wd.microsoft.us/
unknown
https://clients2.googleusercontent.com/crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx
142.250.186.161
https://assets.msn.cn/resolver/
unknown
https://clients6.google.com
unknown
https://browser.events.data.msn.com/
unknown
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
185.215.113.206
http://185.215.113.206/0
unknown
http://185.215.113.206/c4becf79229cb002.php003
unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
unknown
https://ntp.msn.com/edge/ntp
unknown
https://assets.msn.com/resolver/
unknown
http://185.215.113.16/mine/random.exe
185.215.113.16
https://sb.scorecardresearch.com/b?rn=1731358760998&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1BD2121F17CE6DB91D24072B16C96CCE&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
18.65.39.56
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
unknown
http://185.215.113.206/c4becf79229cb002.phpp
unknown
http://185.215.113.206/68b591d6548ec281/sqlite3.dll
185.215.113.206
https://ntp.msn.com
unknown
https://browser.events.data.msn.cn/
unknown
https://c.msn.com/c.gif?rnd=1731358760997&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=0c3054038b4c4f29955c63eaffb76002&activityId=0c3054038b4c4f29955c63eaffb76002&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=57EEA38E2A8F4411B12610F0A2EF9718&MUID=1BD2121F17CE6DB91D24072B16C96CCE
20.110.205.119
https://drive-staging.corp.google.com/
unknown
http://185.215.113.206/68b591d6548ec281/softokn3.dlln
unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
unknown
http://185.215.113.206/68b591d6548ec281/mozglue.dll
185.215.113.206
https://apis.google.com
unknown
https://ntp.msn.com/
unknown
https://domains.google.com/suggest/flow
unknown
http://www.sqlite.org/copyright.html.
unknown
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start
unknown
https://ntp.msn.com/ntp.msn.com_default
unknown
http://185.215.113.206/c4becf79229cb002.phpX0
unknown
https://sb.scorecardresearch.com/b2?rn=1731358760998&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1BD2121F17CE6DB91D24072B16C96CCE&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
108.138.128.93
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
unknown
https://img-s.msn.cn/tenant/amp/entityid/
unknown
http://185.215.113.206/68b591d6548ec281/msvcp140.dll
185.215.113.206
https://drive-autopush.corp.google.com/
unknown
http://185.215.113.206/c4becf79229cb002.php
185.215.113.206
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731358762719&w=0&anoncknm=app_anon&NoResponseBody=true
104.208.16.90
https://www.google.com/async/newtab_promos
142.250.185.100
http://185.215.113.206/68b591d6548ec281/sqlite3.dll_
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731358765072&w=0&anoncknm=app_anon&NoResponseBody=true
104.208.16.90
https://ntp.msn.comService-Worker-Allowed:
unknown
https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=288
unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
chrome.cloudflare-dns.com
162.159.61.3
plus.l.google.com
216.58.206.46
play.google.com
142.250.185.110
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
94.245.104.56
sb.scorecardresearch.com
18.65.39.56
s-part-0017.t-0009.t-msedge.net
13.107.246.45
www.google.com
142.250.185.100
googlehosted.l.googleusercontent.com
142.250.186.161
clients2.googleusercontent.com
unknown
bzib.nelreports.net
unknown
assets.msn.com
unknown
c.msn.com
unknown
ntp.msn.com
unknown
apis.google.com
unknown
api.msn.com
unknown
assets2.msn.com
unknown
There are 6 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
185.215.113.43
unknown
Portugal
malicious
192.168.2.5
unknown
unknown
malicious
185.215.113.16
unknown
Portugal
malicious
185.215.113.206
unknown
Portugal
malicious
13.107.246.40
unknown
United States
13.107.246.45
s-part-0017.t-0009.t-msedge.net
United States
142.250.185.100
www.google.com
United States
162.159.61.3
chrome.cloudflare-dns.com
United States
18.65.39.56
sb.scorecardresearch.com
United States
20.110.205.119
unknown
United States
108.138.128.93
unknown
United States
23.44.111.21
unknown
United States
23.33.40.148
unknown
United States
104.70.121.152
unknown
United States
23.57.90.101
unknown
United States
23.44.133.31
unknown
United States
142.250.185.110
play.google.com
United States
216.58.206.46
plus.l.google.com
United States
239.255.255.250
unknown
Reserved
20.96.153.111
unknown
United States
127.0.0.1
unknown
unknown
104.208.16.90
unknown
United States
204.79.197.219
unknown
United States
172.64.41.3
unknown
United States
142.250.186.161
googlehosted.l.googleusercontent.com
United States
94.245.104.56
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
United Kingdom
52.228.161.161
unknown
United States
There are 17 hidden IPs, click here to show them.

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Left
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Top
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseenversion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_dse_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_startup_page_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197768
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds
EdgeMUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default
MUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jmjflgjpcpepeafmmgdpfkogkghcpiha
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_username
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197768
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197768
WindowTabManagerFileMappingId
There are 56 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
11000
unkown
page execute and read and write
 malicious
521000
unkown
page execute and read and write
 malicious
521000
unkown
page execute and read and write
 malicious
198E000
heap
page read and write
 malicious
DB1000
unkown
page execute and read and write
 malicious
53F0000
direct allocation
page read and write
 malicious
7E5000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
197E000
stack
page read and write
1DA28000
heap
page read and write
7E5000
heap
page read and write
7E5000
heap
page read and write
1DA4D000
heap
page read and write
D60000
heap
page read and write
4E40000
direct allocation
page execute and read and write
1DA17000
heap
page read and write
7E4000
heap
page read and write
46F0000
direct allocation
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
117B000
unkown
page execute and read and write
2460000
direct allocation
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
8DF000
heap
page read and write
2F0F000
stack
page read and write
46F0000
direct allocation
page read and write
7E4000
heap
page read and write
83D000
unkown
page execute and write copy
7E4000
heap
page read and write
4DA0000
direct allocation
page execute and read and write
84D000
unkown
page execute and read and write
2A1E000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
1DA29000
heap
page read and write
7E4000
heap
page read and write
78D000
unkown
page execute and read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
DD0000
heap
page read and write
4850000
direct allocation
page execute and read and write
330E000
stack
page read and write
7E4000
heap
page read and write
4F61000
heap
page read and write
23C2C000
heap
page read and write
DE4000
heap
page read and write
7E5000
heap
page read and write
23C35000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
84D000
unkown
page execute and write copy
7E4000
heap
page read and write
521000
unkown
page execute and write copy
319F000
stack
page read and write
2B4F000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
1DA35000
heap
page read and write
7E4000
heap
page read and write
3A9E000
stack
page read and write
7E4000
heap
page read and write
3397000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
1DA3F000
heap
page read and write
6C8D0000
unkown
page read and write
89E0000
heap
page read and write
58B000
unkown
page execute and read and write
7E4000
heap
page read and write
2D3E000
stack
page read and write
7E4000
heap
page read and write
7C7000
unkown
page execute and write copy
7E5000
heap
page read and write
1DA0E000
heap
page read and write
4F61000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4F61000
heap
page read and write
7E4000
heap
page read and write
61ED4000
direct allocation
page readonly
8DF000
heap
page read and write
7E4000
heap
page read and write
4E00000
direct allocation
page execute and read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
6C6F0000
unkown
page readonly
F17000
unkown
page execute and read and write
7E4000
heap
page read and write
1DA2B000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
785000
unkown
page execute and read and write
7E4000
heap
page read and write
4F61000
heap
page read and write
337E000
stack
page read and write
7E4000
heap
page read and write
2460000
direct allocation
page read and write
520000
unkown
page readonly
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4F61000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
298000
unkown
page execute and read and write
7E4000
heap
page read and write
4F61000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7A5000
unkown
page execute and read and write
7E4000
heap
page read and write
5550000
direct allocation
page execute and read and write
E20000
heap
page read and write
7E4000
heap
page read and write
7B000
unkown
page execute and write copy
7E4000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
603B000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4880000
direct allocation
page execute and read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
6C8D5000
unkown
page readonly
369F000
stack
page read and write
75A000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
387E000
stack
page read and write
7E4000
heap
page read and write
7AE2000
heap
page read and write
E1E000
stack
page read and write
7E4000
heap
page read and write
582000
unkown
page execute and read and write
1DA48000
heap
page read and write
7E4000
heap
page read and write
DE7000
unkown
page execute and read and write
1DAC0000
heap
page read and write
4F61000
heap
page read and write
46F0000
direct allocation
page read and write
73B000
unkown
page execute and write copy
7E4000
heap
page read and write
420E000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
2B97000
heap
page read and write
7E5000
heap
page read and write
7E5000
heap
page read and write
79E000
unkown
page execute and read and write
7E4000
heap
page read and write
1DA4D000
heap
page read and write
3A5F000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
C4F000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
1DA4D000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
4D1E000
stack
page read and write
86D000
heap
page read and write
431F000
stack
page read and write
7E4000
heap
page read and write
8AE000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
1D32F000
stack
page read and write
4F61000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
E60000
direct allocation
page read and write
E60000
direct allocation
page read and write
2AA1C000
stack
page read and write
7E4000
heap
page read and write
8BC000
heap
page read and write
8BE000
heap
page read and write
5FDF000
stack
page read and write
4D70000
direct allocation
page execute and read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
61EB7000
direct allocation
page readonly
7E4000
heap
page read and write
4B90000
direct allocation
page read and write
7E4000
heap
page read and write
1DA3F000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
373E000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
8BE000
heap
page read and write
8EC000
stack
page read and write
824000
unkown
page execute and write copy
1DA2F000
heap
page read and write
7E4000
heap
page read and write
35BF000
stack
page read and write
78C000
unkown
page execute and write copy
4F61000
heap
page read and write
DE4000
heap
page read and write
3A1F000
stack
page read and write
2A91C000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
123E000
stack
page read and write
7E4000
heap
page read and write
4F61000
heap
page read and write
480F000
stack
page read and write
7E4000
heap
page read and write
153E000
stack
page read and write
7E4000
heap
page read and write
1D75E000
stack
page read and write
7E4000
heap
page read and write
42DF000
stack
page read and write
7E4000
heap
page read and write
29FF000
stack
page read and write
7E4000
heap
page read and write
4241000
heap
page read and write
7F0000
heap
page read and write
7E4000
heap
page read and write
E84000
unkown
page execute and read and write
6C6F1000
unkown
page execute read
8D0000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4A9E000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
5580000
direct allocation
page execute and read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
1DB2C000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
6C8CF000
unkown
page write copy
419F000
stack
page read and write
7E5000
heap
page read and write
4F61000
heap
page read and write
645B000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
86B000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
63FC000
stack
page read and write
7E4000
heap
page read and write
295000
unkown
page execute and read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
449E000
stack
page read and write
7E4000
heap
page read and write
1D89D000
stack
page read and write
297E000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
597000
unkown
page execute and write copy
7E4000
heap
page read and write
309E000
stack
page read and write
39BE000
stack
page read and write
8E6000
heap
page read and write
3EBE000
stack
page read and write
331E000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4CCF000
stack
page read and write
7E4000
heap
page read and write
589000
unkown
page write copy
7E4000
heap
page read and write
344E000
stack
page read and write
4DF0000
direct allocation
page execute and read and write
46F0000
direct allocation
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7E5000
heap
page read and write
1DA25000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
2AB000
unkown
page execute and read and write
8E2000
heap
page read and write
4F61000
heap
page read and write
23BD0000
trusted library allocation
page read and write
7E4000
heap
page read and write
1DB20000
trusted library allocation
page read and write
7E4000
heap
page read and write
2E3F000
stack
page read and write
4F61000
heap
page read and write
1DA4D000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4CDE000
stack
page read and write
8DF000
heap
page read and write
1A12000
heap
page read and write
7E5000
heap
page read and write
6FB000
unkown
page execute and write copy
7CA000
unkown
page execute and read and write
83D000
unkown
page execute and write copy
4F61000
heap
page read and write
2C8F000
stack
page read and write
2B5E000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
46F0000
direct allocation
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
1DA28000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
8C0000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
795000
unkown
page execute and write copy
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
582000
unkown
page execute and write copy
7E4000
heap
page read and write
1E9000
unkown
page execute and read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
88F000
heap
page read and write
7E4000
heap
page read and write
582000
unkown
page execute and read and write
7E4000
heap
page read and write
8E6000
heap
page read and write
2460000
direct allocation
page read and write
4840000
direct allocation
page execute and read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7E5000
heap
page read and write
4860000
direct allocation
page execute and read and write
8BA000
heap
page read and write
7E4000
heap
page read and write
397F000
stack
page read and write
1DA4D000
heap
page read and write
113E000
stack
page read and write
37DE000
stack
page read and write
23D00000
trusted library allocation
page read and write
129E000
unkown
page execute and write copy
7E4000
heap
page read and write
1DA4D000
heap
page read and write
32CF000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4F5F000
stack
page read and write
4E20000
direct allocation
page execute and read and write
347F000
stack
page read and write
7E4000
heap
page read and write
7BF000
unkown
page execute and read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
32D000
unkown
page execute and write copy
1D99D000
stack
page read and write
7E4000
heap
page read and write
4F61000
heap
page read and write
4F61000
heap
page read and write
31CE000
stack
page read and write
3BFF000
stack
page read and write
4D60000
direct allocation
page execute and read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
455F000
stack
page read and write
1DA4D000
heap
page read and write
7E4000
heap
page read and write
202000
unkown
page execute and read and write
7DD000
unkown
page execute and read and write
3F4F000
stack
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4F61000
heap
page read and write
354F000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
27D000
unkown
page execute and read and write
3380000
direct allocation
page read and write
7E5000
heap
page read and write
1DA30000
heap
page read and write
7E4000
heap
page read and write
6467000
heap
page read and write
7E4000
heap
page read and write
1DA4D000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
46D0000
direct allocation
page read and write
1DA2B000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4F61000
heap
page read and write
48F0000
direct allocation
page execute and read and write
7E4000
heap
page read and write
DE4000
heap
page read and write
E60000
direct allocation
page read and write
876000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4F61000
heap
page read and write
4E10000
direct allocation
page execute and read and write
7E4000
heap
page read and write
359F000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
79A000
unkown
page execute and read and write
1DA17000
heap
page read and write
5590000
direct allocation
page execute and read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4F61000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
383F000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4F61000
heap
page read and write
7E4000
heap
page read and write
7BC000
unkown
page execute and write copy
4E30000
direct allocation
page execute and read and write
8B7000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
48A0000
direct allocation
page execute and read and write
7E4000
heap
page read and write
3D1E000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
1DA35000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
8A5000
heap
page read and write
7E4000
heap
page read and write
3ABF000
stack
page read and write
1DA36000
heap
page read and write
7E4000
heap
page read and write
395E000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
2BBF000
stack
page read and write
7E4000
heap
page read and write
61ECD000
direct allocation
page readonly
257F000
stack
page read and write
8D1000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
8A4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
2460000
direct allocation
page read and write
23C91000
heap
page read and write
7E4000
heap
page read and write
6C6E2000
unkown
page readonly
7C7000
unkown
page execute and write copy
40FF000
stack
page read and write
1DA2E000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
33D000
unkown
page execute and read and write
391E000
stack
page read and write
4F61000
heap
page read and write
1EB000
unkown
page execute and write copy
8AD000
heap
page read and write
7E4000
heap
page read and write
2A5000
unkown
page execute and write copy
785000
unkown
page execute and read and write
7E4000
heap
page read and write
3390000
heap
page read and write
7E4000
heap
page read and write
1DA16000
heap
page read and write
E34000
unkown
page execute and read and write
7E4000
heap
page read and write
314000
unkown
page execute and write copy
5D5F000
stack
page read and write
53F0000
direct allocation
page read and write
435E000
stack
page read and write
23C1D000
heap
page read and write
458F000
stack
page read and write
390F000
stack
page read and write
1DAC2000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
7A4000
unkown
page execute and write copy
7E4000
heap
page read and write
7E4000
heap
page read and write
712000
unkown
page execute and read and write
7E4000
heap
page read and write
84D000
unkown
page execute and write copy
7E4000
heap
page read and write
48E0000
direct allocation
page execute and read and write
1A7C000
heap
page read and write
8E6000
heap
page read and write
58B000
unkown
page execute and read and write
1DA3F000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
E2E000
stack
page read and write
2A8D0000
heap
page read and write
7E4000
heap
page read and write
1DA31000
heap
page read and write
335E000
stack
page read and write
46CF000
stack
page read and write
1DA31000
heap
page read and write
1DA27000
heap
page read and write
542C000
stack
page read and write
4F61000
heap
page read and write
E60000
direct allocation
page read and write
DA0000
heap
page read and write
7E4000
heap
page read and write
4821000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
3D7E000
stack
page read and write
7E5000
heap
page read and write
1DA16000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
48C0000
direct allocation
page execute and read and write
7E4000
heap
page read and write
2460000
direct allocation
page read and write
7E5000
heap
page read and write
7E5000
heap
page read and write
1DA0D000
heap
page read and write
391F000
stack
page read and write
7E4000
heap
page read and write
4F62000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4701000
heap
page read and write
1DA0D000
heap
page read and write
7E4000
heap
page read and write
25BB000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7A6000
unkown
page execute and write copy
7E4000
heap
page read and write
7A6000
unkown
page execute and write copy
7E4000
heap
page read and write
3380000
direct allocation
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
77B000
unkown
page execute and write copy
1DA31000
heap
page read and write
4F61000
heap
page read and write
434E000
stack
page read and write
83B000
unkown
page execute and read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
53F0000
direct allocation
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
2450000
heap
page read and write
1DA4D000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
125F000
unkown
page execute and read and write
7E4000
heap
page read and write
84F000
heap
page read and write
4E1F000
stack
page read and write
7E4000
heap
page read and write
7AD000
unkown
page execute and read and write
7E4000
heap
page read and write
129E000
unkown
page execute and read and write
7E4000
heap
page read and write
4954000
heap
page read and write
79E000
unkown
page execute and read and write
2F7000
unkown
page execute and read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
408F000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
8C0000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
58B000
unkown
page execute and write copy
8B5000
heap
page read and write
7E5000
heap
page read and write
244E000
stack
page read and write
4D30000
direct allocation
page execute and read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
1DA28000
heap
page read and write
41DF000
stack
page read and write
4870000
direct allocation
page execute and read and write
E60000
direct allocation
page read and write
61ECC000
direct allocation
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
DB0000
unkown
page readonly
7E4000
heap
page read and write
7E4000
heap
page read and write
20D000
unkown
page execute and write copy
7BF000
unkown
page execute and read and write
552F000
stack
page read and write
DB0000
unkown
page read and write
2B8E000
stack
page read and write
3E4E000
stack
page read and write
8E2000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
495E000
stack
page read and write
3CDF000
stack
page read and write
1DA29000
heap
page read and write
807000
unkown
page execute and read and write
7E4000
heap
page read and write
4F61000
heap
page read and write
7E4000
heap
page read and write
1DA17000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
1DA31000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4701000
heap
page read and write
6C651000
unkown
page execute read
37CF000
stack
page read and write
46F0000
direct allocation
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
304F000
stack
page read and write
DE4000
heap
page read and write
C50000
heap
page read and write
8E2000
heap
page read and write
2CA000
unkown
page execute and write copy
7E4000
heap
page read and write
851000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
23CA4000
heap
page read and write
7E4000
heap
page read and write
413E000
stack
page read and write
2AC000
unkown
page execute and write copy
7E4000
heap
page read and write
7E4000
heap
page read and write
597000
unkown
page execute and write copy
7E4000
heap
page read and write
7E4000
heap
page read and write
3AFE000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
275000
unkown
page execute and read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
257000
unkown
page execute and read and write
4F60000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
423F000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
1DA2B000
heap
page read and write
7E4000
heap
page read and write
23BD0000
heap
page read and write
4F61000
heap
page read and write
7E5000
heap
page read and write
DE4000
heap
page read and write
7E4000
heap
page read and write
4F61000
heap
page read and write
7E4000
heap
page read and write
1D60E000
stack
page read and write
46DE000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
5560000
direct allocation
page execute and read and write
23B33000
heap
page read and write
7E4000
heap
page read and write
72000
unkown
page execute and write copy
73B000
unkown
page execute and write copy
71D000
unkown
page execute and read and write
10000
unkown
page readonly
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
3380000
direct allocation
page read and write
1DA23000
heap
page read and write
7E4000
heap
page read and write
61ED3000
direct allocation
page read and write
4F61000
heap
page read and write
7E4000
heap
page read and write
27FF000
stack
page read and write
1DA31000
heap
page read and write
4A5F000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
459E000
stack
page read and write
7E5000
heap
page read and write
2CCE000
stack
page read and write
7E4000
heap
page read and write
2460000
direct allocation
page read and write
31DE000
stack
page read and write
7E4000
heap
page read and write
2460000
direct allocation
page read and write
7E4000
heap
page read and write
CF0000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
71D000
unkown
page execute and write copy
7E4000
heap
page read and write
7E4000
heap
page read and write
23C1B000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4E70000
direct allocation
page execute and read and write
4F61000
heap
page read and write
589000
unkown
page write copy
7E4000
heap
page read and write
7E4000
heap
page read and write
101F000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
1DA31000
heap
page read and write
244000
unkown
page execute and write copy
7E4000
heap
page read and write
28FE000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4F61000
heap
page read and write
7E5000
heap
page read and write
674E000
heap
page read and write
1DA2A000
heap
page read and write
7E4000
heap
page read and write
4F70000
heap
page read and write
7E5000
heap
page read and write
3F9E000
stack
page read and write
1A38000
heap
page read and write
7E4000
heap
page read and write
3D0E000
stack
page read and write
36FF000
stack
page read and write
E60000
direct allocation
page read and write
7E4000
heap
page read and write
4F61000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
78C000
unkown
page execute and write copy
7E4000
heap
page read and write
851000
heap
page read and write
589000
unkown
page write copy
7E4000
heap
page read and write
1290000
unkown
page execute and read and write
7E4000
heap
page read and write
613C000
stack
page read and write
1DA19000
heap
page read and write
7E5000
heap
page read and write
4F61000
heap
page read and write
11000
unkown
page execute and write copy
7B0000
heap
page read and write
7E4000
heap
page read and write
4F61000
heap
page read and write
7E5000
heap
page read and write
5426000
direct allocation
page read and write
4F61000
heap
page read and write
4F61000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
1DA29000
heap
page read and write
4830000
direct allocation
page execute and read and write
26D000
unkown
page execute and read and write
7E4000
heap
page read and write
2460000
direct allocation
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
3D3F000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4F61000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
157E000
stack
page read and write
4B40000
trusted library allocation
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4850000
direct allocation
page execute and read and write
7E4000
heap
page read and write
469F000
stack
page read and write
8BC000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7AE0000
heap
page read and write
65AE000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
11000
unkown
page execute and write copy
7E4000
heap
page read and write
7CDC000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4EA0000
direct allocation
page execute and read and write
23C23000
heap
page read and write
7E4000
heap
page read and write
3380000
direct allocation
page read and write
233000
unkown
page execute and write copy
7E4000
heap
page read and write
E2A000
heap
page read and write
E80000
unkown
page execute and read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
30BF000
stack
page read and write
26B000
unkown
page execute and write copy
1DA0D000
heap
page read and write
7E4000
heap
page read and write
421E000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
23CD0000
trusted library allocation
page read and write
2460000
direct allocation
page read and write
E2E000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
2460000
direct allocation
page read and write
7E4000
heap
page read and write
1DA17000
heap
page read and write
1D70F000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
88F000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
807000
unkown
page execute and read and write
7E4000
heap
page read and write
325000
unkown
page execute and write copy
4F61000
heap
page read and write
7E4000
heap
page read and write
BCE000
stack
page read and write
2A40000
heap
page read and write
7E4000
heap
page read and write
47DF000
stack
page read and write
1DA3F000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
22B000
unkown
page execute and write copy
4F61000
heap
page read and write
143A000
unkown
page execute and read and write
557E000
stack
page read and write
1DA49000
heap
page read and write
6750000
heap
page read and write
7E4000
heap
page read and write
743000
unkown
page execute and write copy
3CCF000
stack
page read and write
1DA36000
heap
page read and write
4C60000
trusted library allocation
page read and write
1DA31000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
DE4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
743000
unkown
page execute and write copy
4E90000
direct allocation
page execute and read and write
7E4000
heap
page read and write
19E8000
heap
page read and write
1DA31000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
1DA28000
heap
page read and write
409E000
stack
page read and write
41DE000
stack
page read and write
7E4000
heap
page read and write
4F61000
heap
page read and write
4701000
heap
page read and write
520000
unkown
page read and write
7E4000
heap
page read and write
DE4000
heap
page read and write
1DA3F000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
3B9F000
stack
page read and write
7E5000
heap
page read and write
3A5E000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
5570000
direct allocation
page execute and read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
193E000
stack
page read and write
795000
unkown
page execute and write copy
79000
unkown
page write copy
2E0E000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
83E000
heap
page read and write
7E4000
heap
page read and write
84D000
unkown
page execute and read and write
7A9000
unkown
page execute and write copy
1DA3F000
heap
page read and write
1DA29000
heap
page read and write
4D10000
direct allocation
page execute and read and write
7E4000
heap
page read and write
5C56000
heap
page read and write
744000
unkown
page execute and read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
1DA35000
heap
page read and write
7E4000
heap
page read and write
308E000
stack
page read and write
8AE000
heap
page read and write
5FE0000
heap
page read and write
444F000
stack
page read and write
22D000
unkown
page execute and read and write
7E4000
heap
page read and write
79A000
unkown
page execute and read and write
7E4000
heap
page read and write
4D10000
direct allocation
page execute and read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
6C88F000
unkown
page readonly
7E4000
heap
page read and write
7E4000
heap
page read and write
46F0000
direct allocation
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
18FE000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
481F000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
45CE000
stack
page read and write
7E4000
heap
page read and write
6C6CD000
unkown
page readonly
7E4000
heap
page read and write
2460000
direct allocation
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
728000
unkown
page execute and read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4850000
direct allocation
page execute and read and write
7E4000
heap
page read and write
61EB4000
direct allocation
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
46F0000
direct allocation
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7A5000
unkown
page execute and read and write
1DA35000
heap
page read and write
4F61000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
491F000
stack
page read and write
48D0000
direct allocation
page execute and read and write
4CF0000
direct allocation
page execute and read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
B4E000
stack
page read and write
7E4000
heap
page read and write
8D0000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
299000
unkown
page execute and write copy
7AE8000
heap
page read and write
7E5000
heap
page read and write
6483000
heap
page read and write
7E4000
heap
page read and write
2E7E000
stack
page read and write
4F61000
heap
page read and write
4F61000
heap
page read and write
7E5000
heap
page read and write
842000
heap
page read and write
1DA27000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
2E1E000
stack
page read and write
4F61000
heap
page read and write
81E0000
trusted library allocation
page read and write
7AD000
unkown
page execute and read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
2CDE000
stack
page read and write
4F61000
heap
page read and write
1A44000
heap
page read and write
8E6000
heap
page read and write
7E4000
heap
page read and write
627E000
stack
page read and write
1DA36000
heap
page read and write
7E4000
heap
page read and write
46DF000
stack
page read and write
7E4000
heap
page read and write
2B70000
direct allocation
page read and write
4E00000
direct allocation
page execute and read and write
7E4000
heap
page read and write
8C0000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
216000
unkown
page execute and write copy
2C9F000
stack
page read and write
7E4000
heap
page read and write
D6E000
stack
page read and write
23D9E000
heap
page read and write
1DA23000
heap
page read and write
83D000
unkown
page execute and write copy
4701000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
6C6DE000
unkown
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
1DA31000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
3E7F000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
3B8F000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
2CD000
unkown
page execute and read and write
7E4000
heap
page read and write
4F61000
heap
page read and write
2A3E000
stack
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
4821000
heap
page read and write
8A4000
heap
page read and write
7E4000
heap
page read and write
C60000
heap
page read and write
E8D000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4F61000
heap
page read and write
7E4000
heap
page read and write
23BD0000
trusted library allocation
page read and write
7E4000
heap
page read and write
394E000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
6456000
heap
page read and write
7E4000
heap
page read and write
83B000
unkown
page execute and read and write
459F000
stack
page read and write
7E4000
heap
page read and write
3E1F000
stack
page read and write
7E4000
heap
page read and write
3380000
direct allocation
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
2AF000
unkown
page execute and read and write
4F61000
heap
page read and write
7E4000
heap
page read and write
3380000
direct allocation
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7BC000
unkown
page execute and write copy
4F61000
heap
page read and write
3360000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E0000
heap
page read and write
8EE000
heap
page read and write
7E4000
heap
page read and write
4D20000
direct allocation
page execute and read and write
7E4000
heap
page read and write
1DA45000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
6480000
heap
page read and write
77D000
unkown
page execute and read and write
C20000
heap
page read and write
61ED0000
direct allocation
page read and write
7E4000
heap
page read and write
4F61000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
1DA46000
heap
page read and write
7E4000
heap
page read and write
285000
unkown
page execute and write copy
7E4000
heap
page read and write
9FC000
stack
page read and write
7E4000
heap
page read and write
2DCF000
stack
page read and write
6F9000
unkown
page execute and read and write
349F000
stack
page read and write
5540000
direct allocation
page execute and read and write
7E4000
heap
page read and write
8DA000
heap
page read and write
7E4000
heap
page read and write
4CE0000
direct allocation
page execute and read and write
34BE000
stack
page read and write
3BDE000
stack
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
726000
unkown
page execute and write copy
7E4000
heap
page read and write
7E5000
heap
page read and write
4701000
heap
page read and write
1DA17000
heap
page read and write
E60000
direct allocation
page read and write
7E4000
heap
page read and write
4820000
direct allocation
page execute and read and write
7E4000
heap
page read and write
3E0F000
stack
page read and write
294000
unkown
page execute and write copy
1DA4A000
heap
page read and write
DE4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
79B000
unkown
page execute and write copy
339E000
heap
page read and write
46F0000
direct allocation
page read and write
7E4000
heap
page read and write
1DA49000
heap
page read and write
7E4000
heap
page read and write
1DA31000
heap
page read and write
7E4000
heap
page read and write
46F0000
direct allocation
page read and write
15FB000
stack
page read and write
8D0000
heap
page read and write
7E4000
heap
page read and write
5C1E000
stack
page read and write
8A4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
8BE000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
767000
unkown
page execute and read and write
7E4000
heap
page read and write
1DA2A000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
E60000
direct allocation
page read and write
7E4000
heap
page read and write
5C55000
heap
page read and write
4D00000
direct allocation
page execute and read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
1DA28000
heap
page read and write
7E5000
heap
page read and write
305F000
stack
page read and write
4F61000
heap
page read and write
CFD000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7B5000
unkown
page execute and write copy
7E4000
heap
page read and write
35FE000
stack
page read and write
6C650000
unkown
page readonly
369F000
stack
page read and write
7E4000
heap
page read and write
6740000
heap
page read and write
5E9F000
stack
page read and write
1980000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4F61000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
1A3D000
heap
page read and write
7E4000
heap
page read and write
1DA3F000
heap
page read and write
7E4000
heap
page read and write
4E50000
direct allocation
page execute and read and write
1D5AF000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
2ABE000
stack
page read and write
79B000
unkown
page execute and write copy
7E4000
heap
page read and write
7CA000
unkown
page execute and read and write
7E4000
heap
page read and write
8A02000
heap
page read and write
7E4000
heap
page read and write
2F5E000
stack
page read and write
7E5000
heap
page read and write
8A7000
heap
page read and write
7E4000
heap
page read and write
2B70000
direct allocation
page read and write
DE4000
heap
page read and write
23D98000
heap
page read and write
1DA31000
heap
page read and write
23C15000
heap
page read and write
3F1F000
stack
page read and write
4850000
direct allocation
page execute and read and write
754000
unkown
page execute and write copy
4BDE000
stack
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4950000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
ACC000
stack
page read and write
D00000
heap
page read and write
7E4000
heap
page read and write
520000
unkown
page readonly
8BC000
heap
page read and write
2A47000
heap
page read and write
323000
unkown
page execute and write copy
71D000
unkown
page execute and write copy
341F000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
D00000
heap
page read and write
7E4000
heap
page read and write
4F61000
heap
page read and write
833000
unkown
page execute and write copy
4850000
direct allocation
page execute and read and write
4D80000
direct allocation
page execute and read and write
7E4000
heap
page read and write
41CF000
stack
page read and write
1DA3F000
heap
page read and write
4F61000
heap
page read and write
4E00000
direct allocation
page execute and read and write
7E4000
heap
page read and write
4D10000
direct allocation
page execute and read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
3380000
direct allocation
page read and write
10000
unkown
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
DE4000
heap
page read and write
7E4000
heap
page read and write
1DA02000
heap
page read and write
7E5000
heap
page read and write
767000
unkown
page execute and read and write
7E4000
heap
page read and write
2F1F000
stack
page read and write
3E1E000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
340F000
stack
page read and write
7E4000
heap
page read and write
27C000
unkown
page execute and write copy
3F5E000
stack
page read and write
2DDF000
stack
page read and write
7E4000
heap
page read and write
53A0000
trusted library allocation
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
48B0000
direct allocation
page execute and read and write
19CF000
heap
page read and write
8ED000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7FE000
heap
page read and write
7E4000
heap
page read and write
520000
unkown
page read and write
1DA3F000
heap
page read and write
7E4000
heap
page read and write
77E000
unkown
page execute and write copy
726000
unkown
page execute and write copy
7E4000
heap
page read and write
46F0000
direct allocation
page read and write
4241000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7B000
unkown
page execute and write copy
2477000
heap
page read and write
4DE0000
direct allocation
page execute and read and write
827000
unkown
page execute and write copy
7E4000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4B90000
direct allocation
page read and write
4F61000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
36CE000
stack
page read and write
23D9A000
heap
page read and write
87000
unkown
page execute and write copy
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
712000
unkown
page execute and read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
345E000
stack
page read and write
359E000
stack
page read and write
7E4000
heap
page read and write
430F000
stack
page read and write
7E4000
heap
page read and write
1DA00000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
833000
unkown
page execute and write copy
7E4000
heap
page read and write
7E4000
heap
page read and write
23C2F000
heap
page read and write
7E4000
heap
page read and write
DE4000
heap
page read and write
7E4000
heap
page read and write
8BC000
heap
page read and write
1DA23000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
381E000
stack
page read and write
4F61000
heap
page read and write
7E4000
heap
page read and write
4E00000
direct allocation
page execute and read and write
7E4000
heap
page read and write
1DA3F000
heap
page read and write
7E4000
heap
page read and write
7B5000
unkown
page execute and write copy
7E4000
heap
page read and write
1DA47000
heap
page read and write
26E000
unkown
page execute and write copy
23A99000
heap
page read and write
7E4000
heap
page read and write
7BB000
unkown
page execute and read and write
8DF000
heap
page read and write
3FBF000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
79000
unkown
page write copy
77B000
unkown
page execute and write copy
4BCE000
stack
page read and write
7E4000
heap
page read and write
5D9E000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7DD000
unkown
page execute and read and write
7E4000
heap
page read and write
66AE000
stack
page read and write
7E4000
heap
page read and write
582000
unkown
page execute and write copy
5EDE000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
1DA28000
heap
page read and write
3CDE000
stack
page read and write
23D90000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
1DA31000
heap
page read and write
7E5000
heap
page read and write
833000
unkown
page execute and write copy
4F61000
heap
page read and write
7E5000
heap
page read and write
37DF000
stack
page read and write
3FFE000
stack
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
4F61000
heap
page read and write
7E4000
heap
page read and write
4D10000
direct allocation
page execute and read and write
7E4000
heap
page read and write
2AA20000
heap
page read and write
7E4000
heap
page read and write
20D000
unkown
page execute and read and write
7E4000
heap
page read and write
834000
unkown
page execute and read and write
A0E000
stack
page read and write
4F61000
heap
page read and write
7E4000
heap
page read and write
4E00000
direct allocation
page execute and read and write
7E4000
heap
page read and write
3B9E000
stack
page read and write
4DB0000
direct allocation
page execute and read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
3C9F000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7DA000
unkown
page execute and write copy
8E2000
heap
page read and write
296000
unkown
page execute and write copy
7E4000
heap
page read and write
1DA3F000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
46F0000
direct allocation
page read and write
83D000
unkown
page execute and write copy
7E4000
heap
page read and write
234000
unkown
page execute and read and write
7E4000
heap
page read and write
40DE000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
31FF000
stack
page read and write
7E4000
heap
page read and write
8DF000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
3A8E000
stack
page read and write
4F61000
heap
page read and write
833000
unkown
page execute and write copy
4F61000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4F61000
heap
page read and write
3DDF000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4680000
trusted library allocation
page read and write
7E4000
heap
page read and write
445E000
stack
page read and write
2B90000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
1DA33000
heap
page read and write
4F61000
heap
page read and write
1DA31000
heap
page read and write
1DA4D000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
86B000
heap
page read and write
7E4000
heap
page read and write
E60000
direct allocation
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
2B7000
unkown
page execute and write copy
8E6000
heap
page read and write
8DF000
heap
page read and write
4F61000
heap
page read and write
835000
unkown
page execute and write copy
7E4000
heap
page read and write
7E4000
heap
page read and write
4890000
direct allocation
page execute and read and write
3F8E000
stack
page read and write
2CFF000
stack
page read and write
379F000
stack
page read and write
73D000
unkown
page execute and read and write
8E6000
heap
page read and write
323000
unkown
page execute and write copy
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4E00000
direct allocation
page execute and read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
8E2000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
DE4000
heap
page read and write
7E4000
heap
page read and write
4B9F000
stack
page read and write
4F61000
heap
page read and write
77D000
unkown
page execute and read and write
77E000
unkown
page execute and write copy
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
331F000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
2AA21000
heap
page read and write
4D10000
direct allocation
page execute and read and write
DCE000
stack
page read and write
339B000
heap
page read and write
45DE000
stack
page read and write
323E000
stack
page read and write
1DA28000
heap
page read and write
D70000
heap
page read and write
5570000
direct allocation
page execute and read and write
6750000
heap
page read and write
1DA1D000
heap
page read and write
3380000
direct allocation
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4D50000
direct allocation
page execute and read and write
7E4000
heap
page read and write
1DA3F000
heap
page read and write
23CD0000
trusted library allocation
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
834000
unkown
page execute and read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
2BFE000
stack
page read and write
9ED000
stack
page read and write
7E4000
heap
page read and write
FFC000
unkown
page execute and read and write
4F61000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
28E000
unkown
page execute and read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
1A5C000
heap
page read and write
19D7000
heap
page read and write
E70000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
46D0000
heap
page read and write
2470000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
324000
unkown
page execute and read and write
7E4000
heap
page read and write
DE4000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
7BB000
unkown
page execute and read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
20D000
unkown
page execute and write copy
28A000
unkown
page execute and read and write
7E4000
heap
page read and write
23DA2000
heap
page read and write
283E000
stack
page read and write
431E000
stack
page read and write
7E4000
heap
page read and write
4E60000
direct allocation
page execute and read and write
D05000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
2A7F000
stack
page read and write
7E4000
heap
page read and write
2B1F000
stack
page read and write
1D4AD000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
38DF000
stack
page read and write
368F000
stack
page read and write
3B5F000
stack
page read and write
26BF000
stack
page read and write
1DA31000
heap
page read and write
7E4000
heap
page read and write
72000
unkown
page execute and read and write
6FB000
unkown
page execute and write copy
73D000
unkown
page execute and read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
1DA4B000
heap
page read and write
7E4000
heap
page read and write
2FBE000
stack
page read and write
26FE000
stack
page read and write
2F7F000
stack
page read and write
7E4000
heap
page read and write
88F000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
BC3000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
29D000
unkown
page execute and read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
1DA2B000
heap
page read and write
7E4000
heap
page read and write
5C50000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
E60000
direct allocation
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
1D85C000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
36DE000
stack
page read and write
FE8000
unkown
page execute and read and write
7E5000
heap
page read and write
7B000
unkown
page execute and read and write
7A9000
unkown
page execute and write copy
7E5000
heap
page read and write
7E4000
heap
page read and write
617E000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
1A4A000
heap
page read and write
3380000
direct allocation
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
E60000
direct allocation
page read and write
8A4000
heap
page read and write
333F000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
728000
unkown
page execute and read and write
1287000
unkown
page execute and read and write
409F000
stack
page read and write
8BA000
heap
page read and write
7E4000
heap
page read and write
3380000
direct allocation
page read and write
7E4000
heap
page read and write
1DA4D000
heap
page read and write
58B000
unkown
page execute and write copy
6472000
heap
page read and write
DE4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
1DA2E000
heap
page read and write
7E4000
heap
page read and write
198A000
heap
page read and write
1D36E000
stack
page read and write
E65000
unkown
page execute and read and write
4821000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4240000
heap
page read and write
7E4000
heap
page read and write
2460000
direct allocation
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
E60000
direct allocation
page read and write
589000
unkown
page write copy
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7A4000
unkown
page execute and write copy
4F61000
heap
page read and write
4820000
heap
page read and write
3380000
direct allocation
page read and write
7E5000
heap
page read and write
32DF000
stack
page read and write
1DA4D000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
28B000
unkown
page execute and write copy
445F000
stack
page read and write
30FE000
stack
page read and write
7E4000
heap
page read and write
4E80000
direct allocation
page execute and read and write
4850000
direct allocation
page execute and read and write
1DA2D000
heap
page read and write
470C000
stack
page read and write
23C19000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
2BA000
unkown
page execute and read and write
1DA29000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
32D000
unkown
page execute and write copy
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
46F0000
direct allocation
page read and write
7E4000
heap
page read and write
CCE000
stack
page read and write
4CDF000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
835000
unkown
page execute and write copy
E60000
direct allocation
page read and write
23BF0000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
6458000
heap
page read and write
3380000
direct allocation
page read and write
1DA2C000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
521000
unkown
page execute and write copy
7E4000
heap
page read and write
46F0000
direct allocation
page read and write
8AE000
heap
page read and write
6C8CE000
unkown
page read and write
405F000
stack
page read and write
DE4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
2B80000
direct allocation
page execute and read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
1DA0B000
heap
page read and write
7E5000
heap
page read and write
B0F000
stack
page read and write
471E000
stack
page read and write
448E000
stack
page read and write
7E4000
heap
page read and write
4DDF000
stack
page read and write
1DA28000
heap
page read and write
40CE000
stack
page read and write
7E4000
heap
page read and write
7C0000
heap
page read and write
4F61000
heap
page read and write
3E5E000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
824000
unkown
page execute and write copy
7E4000
heap
page read and write
318F000
stack
page read and write
7E4000
heap
page read and write
E60000
direct allocation
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
1D46F000
stack
page read and write
7E4000
heap
page read and write
4700000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
3F5F000
stack
page read and write
7E4000
heap
page read and write
4D10000
direct allocation
page execute and read and write
380E000
stack
page read and write
7FA000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7A8000
unkown
page execute and read and write
7E4000
heap
page read and write
61E01000
direct allocation
page execute read
7E4000
heap
page read and write
7E4000
heap
page read and write
8C0000
heap
page read and write
7E4000
heap
page read and write
46D0000
direct allocation
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
6F9000
unkown
page execute and read and write
15BE000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
DE0000
heap
page read and write
7E4000
heap
page read and write
481E000
stack
page read and write
23CA2000
heap
page read and write
3380000
direct allocation
page read and write
7E4000
heap
page read and write
E50000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
355F000
stack
page read and write
78D000
unkown
page execute and read and write
7E4000
heap
page read and write
3380000
direct allocation
page read and write
129F000
unkown
page execute and write copy
2460000
direct allocation
page read and write
7E4000
heap
page read and write
754000
unkown
page execute and write copy
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4F80000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4D90000
direct allocation
page execute and read and write
2460000
direct allocation
page read and write
293F000
stack
page read and write
7E4000
heap
page read and write
33D000
unkown
page execute and write copy
4F61000
heap
page read and write
2F4E000
stack
page read and write
7E4000
heap
page read and write
358E000
stack
page read and write
DB1000
unkown
page execute and write copy
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
1A33000
heap
page read and write
4F61000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
1DA46000
heap
page read and write
7E4000
heap
page read and write
744000
unkown
page execute and read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
7A8000
unkown
page execute and read and write
317000
unkown
page execute and write copy
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
3C3E000
stack
page read and write
7E4000
heap
page read and write
BC8000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4F61000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
3A4F000
stack
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7DA000
unkown
page execute and write copy
827000
unkown
page execute and write copy
4701000
heap
page read and write
E7B000
heap
page read and write
8E2000
heap
page read and write
218000
unkown
page execute and read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
4241000
heap
page read and write
8BE000
heap
page read and write
7E4000
heap
page read and write
86C000
heap
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
7E5000
heap
page read and write
61E00000
direct allocation
page execute and read and write
7E4000
heap
page read and write
3BCE000
stack
page read and write
143B000
unkown
page execute and write copy
4D40000
direct allocation
page execute and read and write
8BB000
heap
page read and write
D75000
heap
page read and write
4E5E000
stack
page read and write
441F000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
71D000
unkown
page execute and read and write
32B000
unkown
page execute and read and write
65B000
stack
page read and write
7E4000
heap
page read and write
7E4000
heap
page read and write
28BE000
stack
page read and write
6741000
heap
page read and write
7E4000
heap
page read and write
There are 2046 hidden memdumps, click here to show them.