IOC Report
file.exe

loading gif

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
 malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\DocumentsBAAFIJKKEH.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\ProgramData\AFBAFBKEGCFBGCBFIDAK
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\BFBAAFHDHCBGCAKFHDAK
ASCII text, with very long lines (1743), with CRLF line terminators
dropped
C:\ProgramData\BGHCGCAE
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
dropped
C:\ProgramData\DBAEGCGC
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\JKJDBAAAEHIEGCAKFHCGDHIEGD
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\JKKECBGIIIEBGCBGIDHDGCAKJE
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\KFIJJJEBGCFBGDHIDGCA
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\1c9e4a80-1e18-4165-87b7-661239cf45a2.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\2522088e-8ae7-41a5-8795-44fe6752038f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\41efbd67-3c6b-4d00-abfb-ef002b728ec5.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\48bbcf2d-4459-4ab7-bded-085bd32d8929.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\6826ea0c-5647-4e3b-9bcc-14c820c0f068.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\6d19523f-d0a6-4852-9432-ca56d77d3fad.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\9e0be81f-c668-4554-8e3a-8a9ed04c46b0.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67330411-1FD4.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\2d850862-b0bc-4127-b973-c9df08791780.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\36acf48d-d0f1-43e0-bb04-40174fdac7ec.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\77fa2172-39c1-449c-9c1d-f2ac445fa092.tmp
Unicode text, UTF-8 text, with very long lines (17403), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\61fc58c2-7b1d-440e-978e-45be18c20fa2.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\7ecf6e47-3294-4253-9ea8-4824354e5bf4.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\945b4e83-4a0c-4454-8472-9851526fd5a1.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF499cb.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF38936.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF392cb.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\a6eff4a0-ebbd-4893-ad52-3656aaa9cd40.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\aad28802-606a-46ac-8796-f6f4e93549f2.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\f03189bf-1d88-400c-bd9d-ac9918dba4b4.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3c871.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF414dc.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF48a0c.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF3cd63.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF3f29e.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13375870228296085
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\6a506cea-5fef-46ac-83d0-cff421752ed1.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\87119445-bc3c-4bc9-bb2d-e686bbfa2c6f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF392bb.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\ca61e85e-bffc-4f88-9bab-5023993b2ec9.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\f5bbb1ed-196d-4faa-88e9-82062c415c70.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\a59ce02f-c8de-4250-840c-508eb68dc310.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b5b1faba-c05f-4d1a-907b-c42923125664.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\c09e07cc-647e-4b9f-8a26-6b4086176e9a.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\c92dd15a-c0f6-42db-8856-1fc4f00c5947.tmp
Unicode text, UTF-8 text, with very long lines (17238), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\f110949a-28af-4c27-8193-36b708681813.tmp
Unicode text, UTF-8 text, with very long lines (17403), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\f18fa83c-84e3-496b-8eab-7e036928d73d.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF37783.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF377b2.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF37909.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF39fdb.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3cbae.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF489dd.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4e56b.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\b8abb6b6-195d-4398-97c6-cd802bd63982.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\d6178759-2e67-49c4-a18b-beba8cf6c49b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\0a2f238e-2c82-4545-a4dd-84796cd2da71.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41900
dropped
C:\Users\user\AppData\Local\Temp\1005710001\3a4851ca05.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\45cd33df-00d1-4558-a202-850e085510a0.tmp
PNG image data, 400 x 400, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\60228397-0ba4-41dc-b884-84ae53c3de02.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\7f325357-bcf0-4bc8-a1be-4b31653ba003.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\97ea5eb4-6fe7-4c7d-b658-d81640ae2502.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\e1f1331b-4993-4991-b8c2-809c8ae41061.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\f5850f50-68e0-49e5-9061-0b484c41083a.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\97ea5eb4-6fe7-4c7d-b658-d81640ae2502.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (3700)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\page_embed_script.js
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_1188421806\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (3705)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_400188775\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_400188775\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_400188775\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_400188775\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8148_400188775\e1f1331b-4993-4991-b8c2-809c8ae41061.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 12 06:30:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 12 06:30:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 12 06:30:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 12 06:30:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 12 06:30:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm
data
dropped
C:\Windows\Tasks\skotes.job
data
dropped
Chrome Cache Entry: 472
ASCII text, with very long lines (3123)
downloaded
Chrome Cache Entry: 473
ASCII text
downloaded
Chrome Cache Entry: 474
ASCII text, with very long lines (2586)
downloaded
Chrome Cache Entry: 475
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 476
ASCII text, with very long lines (5162), with no line terminators
downloaded
Chrome Cache Entry: 477
SVG Scalable Vector Graphics image
downloaded
There are 285 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
 malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
 malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2212,i,6568424161687169964,14682761372451509383,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
 malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2564 --field-trial-handle=2268,i,3616982230694012629,6171515150596214737,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=2004,i,1050887210429599906,5484965300696754300,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6880 --field-trial-handle=2004,i,1050887210429599906,5484965300696754300,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6952 --field-trial-handle=2004,i,1050887210429599906,5484965300696754300,262144 /prefetch:8
malicious
C:\Users\user\DocumentsBAAFIJKKEH.exe
"C:\Users\user\DocumentsBAAFIJKKEH.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
 malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7160 --field-trial-handle=2004,i,1050887210429599906,5484965300696754300,262144 /prefetch:8
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
 malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsBAAFIJKKEH.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
There are 6 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://185.215.113.206/68b591d6548ec281/softokn3.dll
185.215.113.206
https://duckduckgo.com/chrome_newtab
unknown
https://c.msn.com/
unknown
https://duckduckgo.com/ac/?q=
unknown
http://185.215.113.206/
185.215.113.206
http://www.broofa.com
unknown
https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731396636854&w=0&anoncknm=app_anon&NoResponseBody=true
52.168.117.168
https://ntp.msn.com/0
unknown
https://ntp.msn.com/_default
unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
unknown
https://www.last.fm/
unknown
http://185.215.113.16/steam/random.exe/M
unknown
https://deff.nelreports.net/api/report?cat=msn
unknown
https://ntp.msn.cn/edge/ntp
unknown
https://aefd.nelreports.net/api/report?cat=bingcsp
unknown
https://sb.scorecardresearch.com/
unknown
https://deff.nelreports.net/api/report
unknown
https://docs.google.com/
unknown
http://185.215.113.206/68b591d6548ec281/mozglue.dllX
unknown
https://www.youtube.com
unknown
http://185.215.113.43/Zu7JuNko/index.php
185.215.113.43
https://deff.nelreports.net/api/report?cat=msnw
unknown
https://www.instagram.com
unknown
https://web.skype.com/?browsername=edge_canary_shoreline
unknown
http://185.215.113.206/68b591d6548ec281/freebl3.dll
185.215.113.206
http://185.215.113.43/Zu7JuNko/index.phpi:
unknown
https://drive.google.com/
unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
unknown
http://185.215.113.206/68b591d6548ec281/nss3.dll
185.215.113.206
https://www.messenger.com
unknown
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
unknown
https://outlook.office.com/mail/compose?isExtension=true
unknown
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
142.250.185.100
https://unitedstates4.ss.wd.microsoft.us/
unknown
https://i.y.qq.com/n2/m/index.html
unknown
https://www.deezer.com/
unknown
185.215.113.206/c4becf79229cb002.php
http://185.215.113.16/mine/random.exek9
unknown
https://c.msn.com/c.gif?rnd=1731396634697&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=0788e73eb2a84d4195bd22852445c8ab&activityId=0788e73eb2a84d4195bd22852445c8ab&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=A63DE543850F4BB9BD7C9BA0E255D8AC&MUID=048A31DB7A676AF1398424EE7B306B35
20.125.209.212
http://185.215.113.206lfons
unknown
https://web.telegram.org/
unknown
http://www.mozilla.com/en-US/blocklist/
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731396637674&w=0&anoncknm=app_anon&NoResponseBody=true
52.168.117.168
https://mozilla.org0/
unknown
https://drive-daily-2.corp.google.com/
unknown
http://185.215.113.206/c4becf79229cb002.php%
unknown
https://drive-daily-4.corp.google.com/
unknown
http://185.215.113.206/c4becf79229cb002.php&
unknown
https://vibe.naver.com/today
unknown
https://srtb.msn.com/
unknown
https://unitedstates1.ss.wd.microsoft.us/
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
http://185.215.113.206/c4becf79229cb002.php3
unknown
https://www.ecosia.org/newtab/
unknown
https://drive-daily-1.corp.google.com/
unknown
https://excel.new?from=EdgeM365Shoreline
unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
unknown
https://drive-daily-5.corp.google.com/
unknown
http://185.215.113.16/steam/random.exe710001
unknown
http://185.215.113.206/68b591d6548ec281/freebl3.dlln
unknown
https://play.google.com/log?format=json&hasfast=true
unknown
https://bzib.nelreports.net/api/report?cat=bingbusiness
unknown
http://185.215.113.16/steam/random.exeencoded
unknown
http://185.215.113.206/c4becf79229cb002.php?
unknown
https://www.google.com/chrome
unknown
https://www.tiktok.com/
unknown
https://c.msn.com/c.gif?rnd=1731396634697&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=0788e73eb2a84d4195bd22852445c8ab&activityId=0788e73eb2a84d4195bd22852445c8ab&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0
20.125.209.212
https://www.msn.com/web-notification-icon-light.png
unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
unknown
http://185.215.113.206/68b591d6548ec281/msvcp140.dllY
unknown
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
unknown
http://185.215.113.16/steam/random.exeAC
unknown
https://chromewebstore.google.com/
unknown
https://drive-preprod.corp.google.com/
unknown
https://srtb.msn.cn/
unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
unknown
https://msn.comXIDv10
unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
unknown
https://chrome.google.com/webstore/
unknown
https://y.music.163.com/m/
unknown
https://unitedstates2.ss.wd.microsoft.us/
unknown
https://clients2.googleusercontent.com/crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx
172.217.18.1
https://bard.google.com/
unknown
https://assets.msn.cn/resolver/
unknown
http://185.215.113.16/steam/random.exe1395d7
unknown
https://browser.events.data.msn.com/
unknown
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
185.215.113.206
https://web.whatsapp.com
unknown
http://185.215.113.16/steam/random.exe~
unknown
https://m.kugou.com/
unknown
https://www.office.com
unknown
https://outlook.live.com/mail/0/
unknown
http://185.215.113.206/c4becf79229cb002.phpg
unknown
http://185.215.113.206/c4becf79229cb002.phph
unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
unknown
https://ntp.msn.com/edge/ntp
unknown
https://assets.msn.com/resolver/
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
chrome.cloudflare-dns.com
172.64.41.3
plus.l.google.com
142.250.184.206
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
94.245.104.56
sb.scorecardresearch.com
18.244.18.38
s-part-0017.t-0009.t-msedge.net
13.107.246.45
www.google.com
142.250.185.100
googlehosted.l.googleusercontent.com
172.217.18.1
sni1gl.wpc.nucdn.net
152.199.21.175
clients2.googleusercontent.com
unknown
bzib.nelreports.net
unknown
assets.msn.com
unknown
c.msn.com
unknown
ntp.msn.com
unknown
apis.google.com
unknown
api.msn.com
unknown
There are 5 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
185.215.113.43
unknown
Portugal
malicious
192.168.2.5
unknown
unknown
malicious
185.215.113.16
unknown
Portugal
malicious
185.215.113.206
unknown
Portugal
malicious
3.170.115.68
unknown
United States
13.107.246.45
s-part-0017.t-0009.t-msedge.net
United States
152.195.19.97
unknown
United States
142.250.185.100
www.google.com
United States
23.198.7.180
unknown
United States
20.125.209.212
unknown
United States
23.47.50.150
unknown
United States
23.198.7.168
unknown
United States
142.250.184.206
plus.l.google.com
United States
204.79.197.219
unknown
United States
23.221.22.207
unknown
United States
172.64.41.3
chrome.cloudflare-dns.com
United States
13.107.246.57
unknown
United States
94.245.104.56
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
United Kingdom
18.244.18.38
sb.scorecardresearch.com
United States
20.99.186.246
unknown
United States
172.217.18.1
googlehosted.l.googleusercontent.com
United States
239.255.255.250
unknown
Reserved
23.198.7.178
unknown
United States
52.168.117.168
unknown
United States
127.0.0.1
unknown
unknown
There are 15 hidden IPs, click here to show them.

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Left
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Top
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseenversion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_dse_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_startup_page_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197722
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahokoikenoafgppiblgpenaaaolecifn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bhmhibnbialendcafinliemndanacfaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bobbggphonhgdonfdibkfipfepfcildj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ceaifoolopnigfpidlheoagpheiplgii
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
cjneempfhkonkkbcmnfdibgobmhbagaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dabfebgaghanlbehmkmaflipiohdimmc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dcaajljecejllikfgbhjdgeognacjkkp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dmbljphlfghcnbohaoffiedmodfmkmol
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ehlmnljdoejdahfjdfobmpfancoibmig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
eijpepilkjkofamihbmjcnihgpbebafj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
enkoeamdnimieoooocohgbdajhhkajko
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fjngpfnaikknjdhkckmncgicobbkcnle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbihlnbpmfkodghomcinpblknjhneknc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbmoeijgfngecijpcnbooedokgafmmji
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gcinnojdebelpnodghnoicmcdmamjoch
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gecfnmoodchdkebjjffmdcmeghkflpib
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gekagaaiohabmaknhkbaofhhedhelemf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghglcnachgghkhbafjogogiggghcpjig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hciemgmhplhpinoohcjpafmncmjapioh
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hloomjjkinpbjldhobfkfdamkmikjmdo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hmlhageoffiiefnmojcgoagebofoifpl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jbleckejnaboogigodiafflhkajdmpcl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jgcbloklkllbkmkbfckchanipicejgah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jlipacegilfgfpgkefbjcncbfcoeecgj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jpfjdekhebcolnfkpicpciaknbgcdcbm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kfihiegbjaloebkmglnjnljoljgkkchm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
khffkadolmfbdgahbabbhipadklfmhgf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kjncpkplfnolibapodobnnjfgmjmiaba
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kkobcodijbdelbnhbfkkfncbeildnpie
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kmojgmpmopiiagdfbilgognmlegkonbk
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkbndigcebkoaejohleckhekfmcecfja
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nnpnekncnhiglbokoiffmejlimgmgoam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ofefcgjbeghpigppfmkologfjadafddi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ojmnomejplkgljjhjindfoilnmobmihe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olkdlefmaniacnmgofabnpmomgcpdaip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olmhchkiafniffcaiciiomfdplnmklak
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
pencekojiebcjhifbkfdncgmmooepclc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ppnnjfpaneghjbcepgedmlcgmfgkjhah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds
EdgeMUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default
MUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahokoikenoafgppiblgpenaaaolecifn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bhmhibnbialendcafinliemndanacfaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bobbggphonhgdonfdibkfipfepfcildj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ceaifoolopnigfpidlheoagpheiplgii
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
cjneempfhkonkkbcmnfdibgobmhbagaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dabfebgaghanlbehmkmaflipiohdimmc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dcaajljecejllikfgbhjdgeognacjkkp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dmbljphlfghcnbohaoffiedmodfmkmol
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ehlmnljdoejdahfjdfobmpfancoibmig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
eijpepilkjkofamihbmjcnihgpbebafj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
enkoeamdnimieoooocohgbdajhhkajko
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fjngpfnaikknjdhkckmncgicobbkcnle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbihlnbpmfkodghomcinpblknjhneknc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbmoeijgfngecijpcnbooedokgafmmji
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gcinnojdebelpnodghnoicmcdmamjoch
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gecfnmoodchdkebjjffmdcmeghkflpib
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gekagaaiohabmaknhkbaofhhedhelemf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghglcnachgghkhbafjogogiggghcpjig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hciemgmhplhpinoohcjpafmncmjapioh
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hloomjjkinpbjldhobfkfdamkmikjmdo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hmlhageoffiiefnmojcgoagebofoifpl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jbleckejnaboogigodiafflhkajdmpcl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jgcbloklkllbkmkbfckchanipicejgah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jlipacegilfgfpgkefbjcncbfcoeecgj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jmjflgjpcpepeafmmgdpfkogkghcpiha
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jpfjdekhebcolnfkpicpciaknbgcdcbm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kfihiegbjaloebkmglnjnljoljgkkchm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
khffkadolmfbdgahbabbhipadklfmhgf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kjncpkplfnolibapodobnnjfgmjmiaba
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kkobcodijbdelbnhbfkkfncbeildnpie
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kmojgmpmopiiagdfbilgognmlegkonbk
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkbndigcebkoaejohleckhekfmcecfja
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nnpnekncnhiglbokoiffmejlimgmgoam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ofefcgjbeghpigppfmkologfjadafddi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ojmnomejplkgljjhjindfoilnmobmihe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olkdlefmaniacnmgofabnpmomgcpdaip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olmhchkiafniffcaiciiomfdplnmklak
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
pencekojiebcjhifbkfdncgmmooepclc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ppnnjfpaneghjbcepgedmlcgmfgkjhah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_username
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197722
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197722
WindowTabManagerFileMappingId
There are 132 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
BB1000
unkown
page execute and read and write
 malicious
D81000
unkown
page execute and read and write
 malicious
281000
unkown
page execute and read and write
 malicious
5010000
direct allocation
page read and write
 malicious
BB1000
unkown
page execute and read and write
 malicious
120E000
heap
page read and write
 malicious
BB1000
unkown
page execute and read and write
 malicious
D44000
heap
page read and write
D84000
unkown
page execute and write copy
D44000
heap
page read and write
D44000
heap
page read and write
1099000
unkown
page execute and read and write
D44000
heap
page read and write
3DAE000
stack
page read and write
1D7BB000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
51F4000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
47BF000
stack
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
1D7A8000
heap
page read and write
296F000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
109A000
unkown
page execute and write copy
D44000
heap
page read and write
D45000
heap
page read and write
3BFF000
stack
page read and write
11F0000
direct allocation
page read and write
D44000
heap
page read and write
1D797000
heap
page read and write
D44000
heap
page read and write
E2C000
unkown
page execute and read and write
11AE000
stack
page read and write
4B81000
heap
page read and write
D44000
heap
page read and write
3E6F000
stack
page read and write
51C0000
direct allocation
page execute and read and write
35EE000
stack
page read and write
11F0000
direct allocation
page read and write
D44000
heap
page read and write
EB2000
unkown
page execute and write copy
D44000
heap
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
6C650000
unkown
page readonly
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
44B1000
heap
page read and write
E26000
unkown
page execute and write copy
D44000
heap
page read and write
1D781000
heap
page read and write
44B1000
heap
page read and write
DFF000
unkown
page execute and write copy
D44000
heap
page read and write
D44000
heap
page read and write
1D38D000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
276F000
stack
page read and write
D44000
heap
page read and write
61ED3000
direct allocation
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
120A000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
1D79A000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
346F000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
5160000
direct allocation
page execute and read and write
F51000
unkown
page execute and read and write
784000
heap
page read and write
D44000
heap
page read and write
44B0000
heap
page read and write
4FE0000
direct allocation
page execute and read and write
D44000
heap
page read and write
DDE000
unkown
page execute and write copy
D44000
heap
page read and write
B74000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
463E000
stack
page read and write
472F000
stack
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
50F0000
direct allocation
page execute and read and write
D44000
heap
page read and write
4B81000
heap
page read and write
D44000
heap
page read and write
DE2000
unkown
page execute and write copy
D44000
heap
page read and write
1500000
heap
page read and write
784000
heap
page read and write
1267000
heap
page read and write
412D000
stack
page read and write
53F0000
direct allocation
page execute and read and write
D45000
heap
page read and write
35EF000
stack
page read and write
11EE000
stack
page read and write
53B0000
direct allocation
page execute and read and write
1D7A5000
heap
page read and write
D45000
heap
page read and write
1D79F000
heap
page read and write
D44000
heap
page read and write
44B1000
heap
page read and write
4FD0000
direct allocation
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
1D79B000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
3D6F000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
784000
heap
page read and write
E3C000
unkown
page execute and read and write
48BE000
stack
page read and write
DA5000
unkown
page execute and read and write
D45000
heap
page read and write
1260000
direct allocation
page read and write
D44000
heap
page read and write
4B81000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
14FE000
stack
page read and write
D44000
heap
page read and write
770000
direct allocation
page read and write
68E1000
heap
page read and write
D44000
heap
page read and write
E29000
unkown
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
44B1000
heap
page read and write
4D81000
heap
page read and write
E29000
unkown
page execute and read and write
D44000
heap
page read and write
E18000
unkown
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
770000
direct allocation
page read and write
D44000
heap
page read and write
FF0000
direct allocation
page read and write
4B81000
heap
page read and write
1260000
direct allocation
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
1D78B000
heap
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
50F0000
direct allocation
page execute and read and write
E26000
unkown
page execute and write copy
12FD000
heap
page read and write
34AE000
stack
page read and write
4B81000
heap
page read and write
23C65000
heap
page read and write
35C000
stack
page read and write
50F0000
direct allocation
page execute and read and write
44B1000
heap
page read and write
11D0000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
5170000
direct allocation
page execute and read and write
3D3F000
stack
page read and write
774000
unkown
page execute and read and write
DDE000
unkown
page execute and write copy
D44000
heap
page read and write
D44000
heap
page read and write
F7B000
unkown
page execute and read and write
D44000
heap
page read and write
303E000
stack
page read and write
FC0000
heap
page read and write
50F0000
direct allocation
page execute and read and write
B60000
heap
page read and write
EAF000
unkown
page execute and write copy
706D000
heap
page read and write
39AE000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
1D7BE000
heap
page read and write
D44000
heap
page read and write
B0D000
heap
page read and write
D44000
heap
page read and write
4B81000
heap
page read and write
44B1000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
34C000
unkown
page execute and read and write
FD0000
heap
page read and write
FD0000
direct allocation
page read and write
D44000
heap
page read and write
5060000
direct allocation
page execute and read and write
D44000
heap
page read and write
44B1000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
B70000
heap
page read and write
1D79A000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
732000
unkown
page execute and read and write
D45000
heap
page read and write
D44000
heap
page read and write
1D7A5000
heap
page read and write
D44000
heap
page read and write
D81000
unkown
page execute and write copy
D44000
heap
page read and write
D44000
heap
page read and write
1510000
direct allocation
page read and write
D44000
heap
page read and write
4FE0000
direct allocation
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
F68000
unkown
page execute and write copy
416E000
stack
page read and write
D44000
heap
page read and write
4B81000
heap
page read and write
1D797000
heap
page read and write
50F0000
direct allocation
page execute and read and write
D44000
heap
page read and write
1D7C0000
heap
page read and write
EA0000
unkown
page execute and write copy
D81000
unkown
page execute and read and write
D44000
heap
page read and write
1D7BF000
heap
page read and write
D44000
heap
page read and write
1D794000
heap
page read and write
C12000
unkown
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
FD0000
direct allocation
page read and write
1260000
direct allocation
page read and write
E14000
unkown
page execute and write copy
D44000
heap
page read and write
828000
heap
page read and write
DD4000
unkown
page execute and write copy
D44000
heap
page read and write
D44000
heap
page read and write
4B81000
heap
page read and write
D45000
heap
page read and write
1015000
unkown
page execute and read and write
DBA000
unkown
page execute and read and write
1D7A4000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
4B10000
direct allocation
page execute and read and write
D45000
heap
page read and write
D44000
heap
page read and write
784000
heap
page read and write
44B1000
heap
page read and write
4D80000
heap
page read and write
1006000
unkown
page execute and write copy
44B1000
heap
page read and write
784000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
784000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
332F000
stack
page read and write
D44000
heap
page read and write
38FE000
stack
page read and write
BB0000
unkown
page read and write
D44000
heap
page read and write
1510000
direct allocation
page read and write
1260000
direct allocation
page read and write
770000
direct allocation
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
335000
unkown
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
403F000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
1348000
heap
page read and write
D44000
heap
page read and write
C1B000
unkown
page execute and write copy
43AF000
stack
page read and write
1180000
heap
page read and write
D98000
unkown
page execute and write copy
2A970000
heap
page read and write
D44000
heap
page read and write
EB1000
unkown
page execute and read and write
B74000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
462E000
stack
page read and write
C27000
unkown
page execute and write copy
D44000
heap
page read and write
D45000
heap
page read and write
7B0000
heap
page read and write
4B81000
heap
page read and write
770000
direct allocation
page read and write
2FAF000
stack
page read and write
DB8000
unkown
page execute and write copy
3A3E000
stack
page read and write
D44000
heap
page read and write
5100000
direct allocation
page execute and read and write
1D79E000
heap
page read and write
1D7B8000
heap
page read and write
D44000
heap
page read and write
13A0000
heap
page read and write
52AE000
stack
page read and write
4AF1000
heap
page read and write
3EAF000
stack
page read and write
61ECC000
direct allocation
page read and write
D44000
heap
page read and write
2D2F000
stack
page read and write
4B81000
heap
page read and write
1CF5E000
stack
page read and write
1D7AD000
heap
page read and write
D44000
heap
page read and write
23BC0000
trusted library allocation
page read and write
D44000
heap
page read and write
FF9000
unkown
page execute and read and write
3AEF000
stack
page read and write
E19000
unkown
page execute and write copy
D44000
heap
page read and write
D44000
heap
page read and write
53E0000
direct allocation
page execute and read and write
D44000
heap
page read and write
4AF1000
heap
page read and write
44B1000
heap
page read and write
FD0000
direct allocation
page read and write
C12000
unkown
page execute and write copy
D44000
heap
page read and write
D44000
heap
page read and write
4FEF000
stack
page read and write
D44000
heap
page read and write
1D7A4000
heap
page read and write
D44000
heap
page read and write
61E00000
direct allocation
page execute and read and write
D44000
heap
page read and write
D45000
heap
page read and write
367E000
stack
page read and write
D45000
heap
page read and write
4AE0000
direct allocation
page execute and read and write
4A6F000
stack
page read and write
D44000
heap
page read and write
4EAF000
stack
page read and write
1260000
direct allocation
page read and write
1004000
unkown
page execute and write copy
34BE000
stack
page read and write
FCF000
stack
page read and write
23C6D000
heap
page read and write
4DAE000
stack
page read and write
1D77F000
heap
page read and write
1510000
direct allocation
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
4B81000
heap
page read and write
EC9000
unkown
page execute and write copy
1510000
direct allocation
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
784000
heap
page read and write
D45000
heap
page read and write
EC9000
unkown
page execute and write copy
1D7A5000
heap
page read and write
1D7B2000
heap
page read and write
3AEE000
stack
page read and write
133C000
heap
page read and write
784000
heap
page read and write
4BF0000
trusted library allocation
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
128E000
heap
page read and write
FD2000
unkown
page execute and read and write
D44000
heap
page read and write
5200000
direct allocation
page read and write
4D81000
heap
page read and write
102D000
unkown
page execute and read and write
3FAF000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
FD0000
direct allocation
page read and write
A20000
heap
page read and write
D44000
heap
page read and write
44B1000
heap
page read and write
6C6F1000
unkown
page execute read
D44000
heap
page read and write
D44000
heap
page read and write
10F8000
stack
page read and write
108A000
unkown
page execute and write copy
D44000
heap
page read and write
39AE000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
44D0000
heap
page read and write
1052000
unkown
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
BB0000
unkown
page readonly
68EE000
heap
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
4B81000
heap
page read and write
2D6E000
stack
page read and write
3E6F000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
E07000
unkown
page execute and read and write
D44000
heap
page read and write
33BF000
stack
page read and write
44B1000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
E3C000
unkown
page execute and read and write
2A7AC000
stack
page read and write
D44000
heap
page read and write
44B1000
heap
page read and write
FE9000
unkown
page execute and write copy
D45000
heap
page read and write
E1E000
unkown
page execute and read and write
D45000
heap
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
2D2E000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
39BE000
stack
page read and write
EB2000
unkown
page execute and write copy
396F000
stack
page read and write
44B1000
heap
page read and write
784000
heap
page read and write
49F1000
heap
page read and write
E2A000
unkown
page execute and write copy
11F0000
direct allocation
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
4D81000
heap
page read and write
1510000
direct allocation
page read and write
D44000
heap
page read and write
102C000
unkown
page execute and write copy
3ABF000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
1510000
direct allocation
page read and write
23AAE000
stack
page read and write
D44000
heap
page read and write
333F000
stack
page read and write
D44000
heap
page read and write
3E7000
unkown
page execute and read and write
D44000
heap
page read and write
12FE000
heap
page read and write
4B81000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
7A0000
direct allocation
page read and write
D44000
heap
page read and write
1D4CD000
stack
page read and write
123E000
stack
page read and write
D45000
heap
page read and write
4B81000
heap
page read and write
D45000
heap
page read and write
11F0000
direct allocation
page read and write
5190000
direct allocation
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
5370000
direct allocation
page execute and read and write
D44000
heap
page read and write
E35000
unkown
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
12FD000
stack
page read and write
EBA000
unkown
page execute and write copy
38BF000
stack
page read and write
477E000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
3E7F000
stack
page read and write
412E000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
353E000
stack
page read and write
437F000
stack
page read and write
137E000
stack
page read and write
1D7C0000
heap
page read and write
4FE0000
direct allocation
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
107F000
unkown
page execute and write copy
44B1000
heap
page read and write
5180000
direct allocation
page execute and read and write
1358000
heap
page read and write
E9E000
unkown
page execute and write copy
4B81000
heap
page read and write
1D7C0000
heap
page read and write
12AB000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
3D2F000
stack
page read and write
4FC0000
trusted library allocation
page read and write
784000
heap
page read and write
D44000
heap
page read and write
D9B000
unkown
page execute and read and write
5150000
direct allocation
page execute and read and write
383F000
stack
page read and write
48AE000
stack
page read and write
EB8000
unkown
page execute and read and write
11CE000
stack
page read and write
336F000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
2E1F000
stack
page read and write
DD6000
unkown
page execute and read and write
D44000
heap
page read and write
11F0000
direct allocation
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
1520000
heap
page read and write
674E000
stack
page read and write
476F000
stack
page read and write
30FF000
stack
page read and write
D44000
heap
page read and write
1D781000
heap
page read and write
DBB000
unkown
page execute and write copy
127E000
stack
page read and write
D44000
heap
page read and write
706A000
heap
page read and write
D44000
heap
page read and write
4EAE000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
EB8000
unkown
page execute and read and write
1D79B000
heap
page read and write
760000
heap
page read and write
D44000
heap
page read and write
12FD000
heap
page read and write
3C6E000
stack
page read and write
1370000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
1260000
direct allocation
page read and write
13A5000
heap
page read and write
E45000
unkown
page execute and read and write
780000
heap
page read and write
FE4000
unkown
page execute and write copy
D44000
heap
page read and write
D44000
heap
page read and write
6C5C000
stack
page read and write
D44000
heap
page read and write
3FAF000
stack
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
4B81000
heap
page read and write
D44000
heap
page read and write
1D0DE000
stack
page read and write
DFF000
unkown
page execute and write copy
D44000
heap
page read and write
C19000
unkown
page write copy
D44000
heap
page read and write
D44000
heap
page read and write
135F000
heap
page read and write
332F000
stack
page read and write
4B81000
heap
page read and write
D44000
heap
page read and write
784000
heap
page read and write
D44000
heap
page read and write
E44000
unkown
page execute and write copy
1D7A5000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
B0B000
heap
page read and write
1321000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
4B81000
heap
page read and write
5190000
direct allocation
page execute and read and write
DFF000
unkown
page execute and write copy
D44000
heap
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
7BB000
heap
page read and write
44B5000
heap
page read and write
1D789000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
1088000
unkown
page execute and read and write
D44000
heap
page read and write
382F000
stack
page read and write
1D7A1000
heap
page read and write
422E000
stack
page read and write
7FA000
heap
page read and write
D44000
heap
page read and write
4B8000
unkown
page execute and read and write
1D79B000
heap
page read and write
9BD000
stack
page read and write
784000
heap
page read and write
FDF000
unkown
page execute and write copy
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
4B7F000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
131D000
heap
page read and write
44B1000
heap
page read and write
377F000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
6C8D0000
unkown
page read and write
3D7E000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
6C8CE000
unkown
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
B74000
heap
page read and write
E2A000
unkown
page execute and write copy
D44000
heap
page read and write
4B81000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
3AAF000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
23803000
heap
page read and write
1D7C0000
heap
page read and write
784000
heap
page read and write
D44000
heap
page read and write
61ED0000
direct allocation
page read and write
E0F000
unkown
page execute and write copy
30EF000
stack
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
CFA000
stack
page read and write
5020000
direct allocation
page execute and read and write
D44000
heap
page read and write
2BEE000
stack
page read and write
D44000
heap
page read and write
DBE000
unkown
page execute and read and write
D44000
heap
page read and write
4B81000
heap
page read and write
12F7000
heap
page read and write
4B81000
heap
page read and write
4AF1000
heap
page read and write
E35000
unkown
page execute and read and write
2C2F000
stack
page read and write
1250000
heap
page read and write
BB0000
unkown
page readonly
35AF000
stack
page read and write
44B1000
heap
page read and write
D44000
heap
page read and write
44B1000
heap
page read and write
D44000
heap
page read and write
4A3F000
stack
page read and write
5190000
direct allocation
page execute and read and write
1D782000
heap
page read and write
D44000
heap
page read and write
48AF000
stack
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
C19000
unkown
page write copy
4B81000
heap
page read and write
D44000
heap
page read and write
135E000
heap
page read and write
D44000
heap
page read and write
BB1000
unkown
page execute and write copy
44B1000
heap
page read and write
239E1000
heap
page read and write
280000
unkown
page readonly
D45000
heap
page read and write
4B81000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
44B1000
heap
page read and write
5130000
direct allocation
page execute and read and write
D45000
heap
page read and write
23940000
trusted library allocation
page read and write
2E6F000
stack
page read and write
D44000
heap
page read and write
44B1000
heap
page read and write
4B81000
heap
page read and write
4FC0000
direct allocation
page execute and read and write
1290000
heap
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
336E000
stack
page read and write
D44000
heap
page read and write
EAF000
unkown
page execute and write copy
D44000
heap
page read and write
4B81000
heap
page read and write
D44000
heap
page read and write
EB2000
unkown
page execute and write copy
1343000
heap
page read and write
1351000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
3C2E000
stack
page read and write
4AB0000
direct allocation
page execute and read and write
FD7000
unkown
page execute and read and write
D44000
heap
page read and write
6FD000
stack
page read and write
784000
heap
page read and write
3AFE000
stack
page read and write
1D79D000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
E44000
unkown
page execute and write copy
D44000
heap
page read and write
504C000
stack
page read and write
D44000
heap
page read and write
185F000
stack
page read and write
D44000
heap
page read and write
FE8000
unkown
page execute and read and write
4B20000
direct allocation
page execute and read and write
1332000
heap
page read and write
238A3000
heap
page read and write
44B1000
heap
page read and write
493E000
stack
page read and write
9CB000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
784000
heap
page read and write
4B81000
heap
page read and write
457E000
stack
page read and write
D44000
heap
page read and write
1D7B5000
heap
page read and write
50E0000
direct allocation
page execute and read and write
784000
heap
page read and write
23981000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
FF0000
direct allocation
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
372F000
stack
page read and write
770000
direct allocation
page read and write
D45000
heap
page read and write
D45000
heap
page read and write
1D79C000
heap
page read and write
40EF000
stack
page read and write
36EF000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
4BA0000
heap
page read and write
E03000
unkown
page execute and write copy
DA5000
unkown
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
514F000
stack
page read and write
D44000
heap
page read and write
B74000
heap
page read and write
D45000
heap
page read and write
1332000
heap
page read and write
2BAF000
stack
page read and write
D44000
heap
page read and write
784000
heap
page read and write
44B1000
heap
page read and write
1D7A5000
heap
page read and write
1070000
unkown
page execute and write copy
D44000
heap
page read and write
D44000
heap
page read and write
4B80000
heap
page read and write
4AA0000
direct allocation
page execute and read and write
1D770000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
15CE000
stack
page read and write
ECA000
unkown
page execute and write copy
45FF000
stack
page read and write
D44000
heap
page read and write
44B1000
heap
page read and write
4B81000
heap
page read and write
D44000
heap
page read and write
1D48D000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
B74000
heap
page read and write
51F0000
heap
page read and write
784000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
462F000
stack
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
EAF000
unkown
page execute and write copy
4FAB000
stack
page read and write
46BE000
stack
page read and write
D44000
heap
page read and write
35FE000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
DB8000
unkown
page execute and write copy
D44000
heap
page read and write
D44000
heap
page read and write
39EE000
stack
page read and write
D44000
heap
page read and write
1014000
unkown
page execute and write copy
D44000
heap
page read and write
D44000
heap
page read and write
784000
heap
page read and write
4B90000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
1D7BA000
heap
page read and write
1260000
direct allocation
page read and write
44B1000
heap
page read and write
2EBE000
heap
page read and write
FE2000
unkown
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
44B1000
heap
page read and write
124E000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
44B1000
heap
page read and write
30AF000
stack
page read and write
D44000
heap
page read and write
73D000
stack
page read and write
3B7E000
stack
page read and write
5180000
direct allocation
page execute and read and write
5010000
direct allocation
page execute and read and write
D44000
heap
page read and write
4B81000
heap
page read and write
E82000
unkown
page execute and read and write
4A80000
direct allocation
page execute and read and write
D44000
heap
page read and write
784000
heap
page read and write
6C6CD000
unkown
page readonly
D44000
heap
page read and write
D45000
heap
page read and write
3D6E000
stack
page read and write
1D78F000
heap
page read and write
1351000
heap
page read and write
49EF000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
336E000
stack
page read and write
2CEF000
stack
page read and write
4D81000
heap
page read and write
D44000
heap
page read and write
3EBE000
stack
page read and write
D44000
heap
page read and write
33AE000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
346F000
stack
page read and write
3AAF000
stack
page read and write
2FEE000
stack
page read and write
426E000
stack
page read and write
D44000
heap
page read and write
F5C000
stack
page read and write
D44000
heap
page read and write
1082000
unkown
page execute and write copy
4B81000
heap
page read and write
3B2E000
stack
page read and write
D44000
heap
page read and write
3EEE000
stack
page read and write
C27000
unkown
page execute and write copy
11F0000
direct allocation
page read and write
3FEF000
stack
page read and write
B74000
heap
page read and write
5010000
direct allocation
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
1D33F000
stack
page read and write
D44000
heap
page read and write
4B81000
heap
page read and write
4B81000
heap
page read and write
4B81000
heap
page read and write
304000
unkown
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
BB0000
unkown
page readonly
D44000
heap
page read and write
1D7A5000
heap
page read and write
D44000
heap
page read and write
C12000
unkown
page execute and write copy
44B1000
heap
page read and write
5380000
direct allocation
page execute and read and write
B74000
heap
page read and write
E9E000
unkown
page execute and write copy
D45000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
E07000
unkown
page execute and read and write
6C88F000
unkown
page readonly
44B1000
heap
page read and write
2EE0000
heap
page read and write
49F1000
heap
page read and write
D44000
heap
page read and write
E5D000
unkown
page execute and read and write
39FF000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
4FF0000
direct allocation
page execute and read and write
286F000
stack
page read and write
D44000
heap
page read and write
45B0000
trusted library allocation
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
EBA000
unkown
page execute and write copy
4AF0000
heap
page read and write
D44000
heap
page read and write
3AEE000
stack
page read and write
1510000
direct allocation
page read and write
61ED4000
direct allocation
page readonly
453F000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
43FF000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
B90000
direct allocation
page execute and read and write
4FB0000
direct allocation
page execute and read and write
4FAF000
stack
page read and write
44AF000
stack
page read and write
D44000
heap
page read and write
4B81000
heap
page read and write
D44000
heap
page read and write
E19000
unkown
page execute and write copy
D44000
heap
page read and write
D44000
heap
page read and write
44B1000
heap
page read and write
D44000
heap
page read and write
DBE000
unkown
page execute and read and write
D44000
heap
page read and write
43AE000
stack
page read and write
D44000
heap
page read and write
EC9000
unkown
page execute and read and write
D44000
heap
page read and write
1D7B5000
heap
page read and write
D44000
heap
page read and write
523E000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
1D776000
heap
page read and write
E12000
unkown
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
3FBF000
stack
page read and write
1D7BA000
heap
page read and write
D44000
heap
page read and write
4B81000
heap
page read and write
4AD0000
direct allocation
page execute and read and write
DEB000
unkown
page execute and write copy
1D79D000
heap
page read and write
DBE000
unkown
page execute and read and write
D44000
heap
page read and write
D45000
heap
page read and write
E5C000
unkown
page execute and write copy
E5C000
unkown
page execute and write copy
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
1D793000
heap
page read and write
1D7A4000
heap
page read and write
D44000
heap
page read and write
44B1000
heap
page read and write
23A40000
trusted library allocation
page read and write
31EF000
stack
page read and write
B74000
heap
page read and write
D44000
heap
page read and write
4A80000
direct allocation
page execute and read and write
382F000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
4B81000
heap
page read and write
E0F000
unkown
page execute and write copy
3C2E000
stack
page read and write
D44000
heap
page read and write
11F0000
direct allocation
page read and write
6A20000
heap
page read and write
F67000
unkown
page execute and read and write
6C6F0000
unkown
page readonly
D44000
heap
page read and write
D44000
heap
page read and write
53C0000
direct allocation
page execute and read and write
426E000
stack
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
6F4C000
stack
page read and write
D44000
heap
page read and write
1D78D000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
23960000
heap
page read and write
DE9000
unkown
page write copy
44B1000
heap
page read and write
23A40000
trusted library allocation
page read and write
FA4000
unkown
page execute and write copy
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
DD6000
unkown
page execute and read and write
D44000
heap
page read and write
417F000
stack
page read and write
5380000
direct allocation
page execute and read and write
D44000
heap
page read and write
E1E000
unkown
page execute and read and write
D44000
heap
page read and write
770000
direct allocation
page read and write
1200000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
44B1000
heap
page read and write
44B1000
heap
page read and write
386E000
stack
page read and write
1D7BB000
heap
page read and write
6345000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
317E000
stack
page read and write
54AE000
stack
page read and write
B74000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
44B1000
heap
page read and write
D44000
heap
page read and write
436F000
stack
page read and write
D98000
unkown
page execute and write copy
DA7000
unkown
page execute and write copy
D44000
heap
page read and write
1251000
heap
page read and write
E02000
unkown
page execute and read and write
5140000
direct allocation
page execute and read and write
133B000
heap
page read and write
E2A000
unkown
page execute and write copy
D9B000
unkown
page execute and read and write
30EF000
stack
page read and write
D44000
heap
page read and write
4FE0000
direct allocation
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
DAB000
unkown
page execute and read and write
1D7C0000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
4B81000
heap
page read and write
1D79B000
heap
page read and write
1D799000
heap
page read and write
EA0000
unkown
page execute and write copy
372E000
stack
page read and write
D44000
heap
page read and write
DEB000
unkown
page execute and read and write
E19000
unkown
page execute and write copy
4B81000
heap
page read and write
D44000
heap
page read and write
23BAE000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
5380000
direct allocation
page execute and read and write
1D7AC000
heap
page read and write
4B81000
heap
page read and write
D44000
heap
page read and write
363F000
stack
page read and write
1348000
heap
page read and write
6C6E2000
unkown
page readonly
11F0000
direct allocation
page read and write
44B1000
heap
page read and write
E82000
unkown
page execute and read and write
D45000
heap
page read and write
108A000
unkown
page execute and write copy
F75000
unkown
page execute and read and write
7054000
heap
page read and write
D44000
heap
page read and write
ABE000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
C1B000
unkown
page execute and read and write
3EAE000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
23940000
trusted library allocation
page read and write
D44000
heap
page read and write
E2C000
unkown
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
DBB000
unkown
page execute and write copy
5380000
direct allocation
page execute and read and write
4A70000
direct allocation
page execute and read and write
44B1000
heap
page read and write
5070000
direct allocation
page execute and read and write
D44000
heap
page read and write
1560000
heap
page read and write
326E000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
65CF000
stack
page read and write
D44000
heap
page read and write
6C651000
unkown
page execute read
770000
direct allocation
page read and write
D44000
heap
page read and write
3FEE000
stack
page read and write
D44000
heap
page read and write
913000
unkown
page execute and read and write
784000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
2E9E000
stack
page read and write
D81000
unkown
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
FFA000
unkown
page execute and write copy
1D78B000
heap
page read and write
DE8000
unkown
page execute and read and write
50C0000
direct allocation
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
1D7A5000
heap
page read and write
DD0000
heap
page read and write
53D0000
direct allocation
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
487F000
stack
page read and write
D44000
heap
page read and write
402E000
stack
page read and write
D44000
heap
page read and write
70C2000
heap
page read and write
3EAE000
stack
page read and write
61EB4000
direct allocation
page read and write
10FE000
stack
page read and write
D44000
heap
page read and write
D98000
unkown
page execute and write copy
D7C000
stack
page read and write
2EBB000
heap
page read and write
D44000
heap
page read and write
3C7F000
stack
page read and write
705C000
heap
page read and write
4A80000
direct allocation
page execute and read and write
D44000
heap
page read and write
44B1000
heap
page read and write
372E000
stack
page read and write
1D09F000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
784000
heap
page read and write
5360000
direct allocation
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
1D7BB000
heap
page read and write
1D7C0000
heap
page read and write
2A6F000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
1D7A5000
heap
page read and write
D44000
heap
page read and write
E5C000
unkown
page execute and write copy
281000
unkown
page execute and write copy
D44000
heap
page read and write
44B1000
heap
page read and write
D44000
heap
page read and write
4B81000
heap
page read and write
4B81000
heap
page read and write
1D23E000
stack
page read and write
AFE000
stack
page read and write
D44000
heap
page read and write
133E000
stack
page read and write
D44000
heap
page read and write
1D793000
heap
page read and write
D44000
heap
page read and write
5200000
direct allocation
page read and write
41BD000
stack
page read and write
50F0000
direct allocation
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
BB1000
unkown
page execute and write copy
D44000
heap
page read and write
D44000
heap
page read and write
5170000
direct allocation
page execute and read and write
B5E000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
E18000
unkown
page execute and read and write
D44000
heap
page read and write
3C3E000
stack
page read and write
784000
heap
page read and write
D44000
heap
page read and write
36FF000
stack
page read and write
D44000
heap
page read and write
44B1000
heap
page read and write
D45000
heap
page read and write
DE9000
unkown
page write copy
D44000
heap
page read and write
11F0000
direct allocation
page read and write
EAF000
unkown
page execute and write copy
D44000
heap
page read and write
1D791000
heap
page read and write
784000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
EC9000
unkown
page execute and read and write
D44000
heap
page read and write
1321000
heap
page read and write
147E000
stack
page read and write
D44000
heap
page read and write
4B00000
direct allocation
page execute and read and write
1333000
heap
page read and write
D45000
heap
page read and write
4A90000
direct allocation
page execute and read and write
43BE000
stack
page read and write
D44000
heap
page read and write
B74000
heap
page read and write
D44000
heap
page read and write
5400000
direct allocation
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
44B1000
heap
page read and write
1D78A000
heap
page read and write
1D7AE000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
684F000
stack
page read and write
1D797000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
44B1000
heap
page read and write
53A0000
direct allocation
page execute and read and write
6F6A000
heap
page read and write
44B1000
heap
page read and write
49BF000
stack
page read and write
44B1000
heap
page read and write
D45000
heap
page read and write
1510000
direct allocation
page read and write
D44000
heap
page read and write
6C8D5000
unkown
page readonly
C1B000
unkown
page execute and write copy
2EB7000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
44B1000
heap
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
B74000
heap
page read and write
784000
heap
page read and write
23C67000
heap
page read and write
D44000
heap
page read and write
775000
unkown
page execute and write copy
48EE000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
1D790000
heap
page read and write
61E01000
direct allocation
page execute read
D44000
heap
page read and write
4A80000
direct allocation
page execute and read and write
4B81000
heap
page read and write
1332000
heap
page read and write
68E0000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
4B81000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
70D1000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
1D76D000
stack
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
4AF1000
heap
page read and write
784000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
376E000
stack
page read and write
D44000
heap
page read and write
68F0000
heap
page read and write
D44000
heap
page read and write
51B0000
direct allocation
page execute and read and write
D44000
heap
page read and write
505E000
stack
page read and write
492C000
stack
page read and write
D44000
heap
page read and write
4F70000
direct allocation
page read and write
6880000
heap
page read and write
D44000
heap
page read and write
EBA000
unkown
page execute and write copy
44B1000
heap
page read and write
D44000
heap
page read and write
E0F000
unkown
page execute and write copy
D44000
heap
page read and write
156A000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
784000
heap
page read and write
784000
heap
page read and write
D44000
heap
page read and write
11F0000
direct allocation
page read and write
44B1000
heap
page read and write
E36000
unkown
page execute and write copy
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
4AF0000
direct allocation
page execute and read and write
D44000
heap
page read and write
D45000
heap
page read and write
4B81000
heap
page read and write
D44000
heap
page read and write
1D825000
heap
page read and write
407E000
stack
page read and write
D44000
heap
page read and write
4B81000
heap
page read and write
D45000
heap
page read and write
3BEF000
stack
page read and write
23C61000
heap
page read and write
D44000
heap
page read and write
49F1000
heap
page read and write
B74000
heap
page read and write
467F000
stack
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
5080000
direct allocation
page execute and read and write
D44000
heap
page read and write
128A000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
53EC000
stack
page read and write
D44000
heap
page read and write
44B1000
heap
page read and write
D44000
heap
page read and write
61ECD000
direct allocation
page readonly
4B81000
heap
page read and write
D44000
heap
page read and write
1280000
heap
page read and write
D44000
heap
page read and write
4B81000
heap
page read and write
2F6F000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
1D7A4000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
ECA000
unkown
page execute and write copy
D44000
heap
page read and write
D44000
heap
page read and write
4D7F000
stack
page read and write
C12000
unkown
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
23A06000
heap
page read and write
4B81000
heap
page read and write
427E000
stack
page read and write
44B1000
heap
page read and write
44B1000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
44EE000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
44B1000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
FD0000
direct allocation
page read and write
D44000
heap
page read and write
EAF000
unkown
page execute and write copy
D44000
heap
page read and write
1D7B2000
heap
page read and write
1D7A4000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
1D7C0000
heap
page read and write
784000
heap
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
C19000
unkown
page write copy
1D7B2000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
DA7000
unkown
page execute and write copy
D44000
heap
page read and write
4C7E000
stack
page read and write
4CC000
unkown
page execute and read and write
BB1000
unkown
page execute and write copy
44B1000
heap
page read and write
44B1000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
4F70000
direct allocation
page read and write
44B1000
heap
page read and write
E36000
unkown
page execute and write copy
4B81000
heap
page read and write
8BC000
stack
page read and write
D97000
unkown
page execute and read and write
157E000
stack
page read and write
D44000
heap
page read and write
784000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
784000
heap
page read and write
D44000
heap
page read and write
42FE000
stack
page read and write
D44000
heap
page read and write
FD3000
unkown
page execute and write copy
1260000
direct allocation
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
E45000
unkown
page execute and read and write
1260000
direct allocation
page read and write
D44000
heap
page read and write
BB0000
unkown
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
2B7000
unkown
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
EA0000
unkown
page execute and write copy
660E000
stack
page read and write
C19000
unkown
page write copy
D45000
heap
page read and write
B07000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
3C0000
heap
page read and write
D44000
heap
page read and write
784000
heap
page read and write
D44000
heap
page read and write
386E000
stack
page read and write
D44000
heap
page read and write
4FE0000
direct allocation
page execute and read and write
E03000
unkown
page execute and write copy
B74000
heap
page read and write
42AE000
stack
page read and write
68F0000
heap
page read and write
322F000
stack
page read and write
D44000
heap
page read and write
175F000
stack
page read and write
1260000
direct allocation
page read and write
D44000
heap
page read and write
3CBE000
stack
page read and write
D44000
heap
page read and write
784000
heap
page read and write
D45000
heap
page read and write
47AE000
stack
page read and write
D45000
heap
page read and write
4B81000
heap
page read and write
D44000
heap
page read and write
E5D000
unkown
page execute and read and write
D45000
heap
page read and write
D44000
heap
page read and write
4AFF000
stack
page read and write
E02000
unkown
page execute and read and write
131D000
heap
page read and write
D44000
heap
page read and write
347F000
stack
page read and write
D80000
unkown
page read and write
8C50000
trusted library allocation
page read and write
50D0000
direct allocation
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
1D7A5000
heap
page read and write
44B1000
heap
page read and write
1D5CD000
stack
page read and write
1D78B000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
2EE7000
heap
page read and write
D45000
heap
page read and write
44B1000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
A7E000
stack
page read and write
C19000
unkown
page write copy
D44000
heap
page read and write
436F000
stack
page read and write
1371000
heap
page read and write
533F000
stack
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
EB1000
unkown
page execute and read and write
D44000
heap
page read and write
31EF000
stack
page read and write
486F000
stack
page read and write
1510000
direct allocation
page read and write
5010000
direct allocation
page read and write
5350000
direct allocation
page execute and read and write
43EE000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
5380000
direct allocation
page execute and read and write
D45000
heap
page read and write
55AF000
stack
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
F77000
unkown
page execute and write copy
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
37BE000
stack
page read and write
D44000
heap
page read and write
14BE000
stack
page read and write
C1B000
unkown
page execute and write copy
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
43AE000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
DD4000
unkown
page execute and write copy
1510000
direct allocation
page read and write
FEE000
unkown
page execute and read and write
D44000
heap
page read and write
5120000
direct allocation
page execute and read and write
D44000
heap
page read and write
313F000
stack
page read and write
E26000
unkown
page execute and write copy
774000
unkown
page execute and write copy
D44000
heap
page read and write
D44000
heap
page read and write
1D7A5000
heap
page read and write
D44000
heap
page read and write
1D772000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
B74000
heap
page read and write
1D891000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
770000
direct allocation
page read and write
D44000
heap
page read and write
DBA000
unkown
page execute and read and write
11F0000
direct allocation
page read and write
1D7BB000
heap
page read and write
FAE000
unkown
page execute and write copy
5040000
direct allocation
page execute and read and write
D44000
heap
page read and write
DE8000
unkown
page execute and read and write
14CE000
stack
page read and write
D44000
heap
page read and write
770000
direct allocation
page read and write
1099000
unkown
page execute and write copy
D44000
heap
page read and write
784000
heap
page read and write
D45000
heap
page read and write
2EAE000
stack
page read and write
D44000
heap
page read and write
32BE000
stack
page read and write
1D792000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
44B1000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
2E5B000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
E82000
unkown
page execute and read and write
D44000
heap
page read and write
FD0000
direct allocation
page read and write
D9B000
unkown
page execute and read and write
D45000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
DA5000
unkown
page execute and read and write
7ED000
heap
page read and write
BA0000
direct allocation
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
1280000
heap
page read and write
323E000
stack
page read and write
D44000
heap
page read and write
4FE0000
direct allocation
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
1321000
heap
page read and write
D44000
heap
page read and write
1D7B2000
heap
page read and write
23940000
heap
page read and write
2E6E000
stack
page read and write
4B81000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
1260000
direct allocation
page read and write
4D81000
heap
page read and write
D44000
heap
page read and write
765000
unkown
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
5046000
direct allocation
page read and write
1D7B5000
heap
page read and write
D44000
heap
page read and write
135E000
heap
page read and write
FA6000
unkown
page execute and read and write
D44000
heap
page read and write
EBA000
unkown
page execute and write copy
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
C27000
unkown
page execute and write copy
4B81000
heap
page read and write
DE2000
unkown
page execute and read and write
2A860000
heap
page read and write
1510000
direct allocation
page read and write
2FEF000
stack
page read and write
D44000
heap
page read and write
44B1000
heap
page read and write
D44000
heap
page read and write
1081000
unkown
page execute and read and write
D44000
heap
page read and write
476E000
stack
page read and write
373E000
stack
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
239A1000
heap
page read and write
1D7A5000
heap
page read and write
D44000
heap
page read and write
1D7BD000
heap
page read and write
131D000
heap
page read and write
34AE000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
49F1000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
6A25000
heap
page read and write
5380000
direct allocation
page execute and read and write
36EF000
stack
page read and write
1D789000
heap
page read and write
D44000
heap
page read and write
362E000
stack
page read and write
D45000
heap
page read and write
C12000
unkown
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
E07000
unkown
page execute and read and write
D45000
heap
page read and write
C12000
unkown
page execute and write copy
51AD000
stack
page read and write
D45000
heap
page read and write
784000
heap
page read and write
1D890000
trusted library allocation
page read and write
44B1000
heap
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
452E000
stack
page read and write
40EF000
stack
page read and write
D44000
heap
page read and write
E45000
unkown
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
4A80000
direct allocation
page execute and read and write
D44000
heap
page read and write
FD0000
direct allocation
page read and write
D44000
heap
page read and write
3C2F000
stack
page read and write
914000
unkown
page execute and write copy
4C2B000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
1D7B2000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
F88000
unkown
page execute and write copy
4B81000
heap
page read and write
3F3E000
stack
page read and write
D44000
heap
page read and write
DF7000
unkown
page execute and write copy
D44000
heap
page read and write
D44000
heap
page read and write
FCF000
unkown
page execute and write copy
D45000
heap
page read and write
D50000
heap
page read and write
322E000
stack
page read and write
D44000
heap
page read and write
1321000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
1527000
heap
page read and write
D44000
heap
page read and write
30EE000
stack
page read and write
423F000
stack
page read and write
E5D000
unkown
page execute and read and write
4B81000
heap
page read and write
D44000
heap
page read and write
784000
heap
page read and write
D44000
heap
page read and write
4E80000
trusted library allocation
page read and write
E18000
unkown
page execute and read and write
DBA000
unkown
page execute and read and write
D44000
heap
page read and write
106E000
unkown
page execute and write copy
4A7E000
stack
page read and write
652000
unkown
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
FF6000
unkown
page execute and write copy
44B1000
heap
page read and write
2EDE000
stack
page read and write
D44000
heap
page read and write
44B1000
heap
page read and write
670F000
stack
page read and write
48FF000
stack
page read and write
D44000
heap
page read and write
426F000
stack
page read and write
5000000
direct allocation
page execute and read and write
4B81000
heap
page read and write
3B3F000
stack
page read and write
6F50000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
34EE000
stack
page read and write
422F000
stack
page read and write
D44000
heap
page read and write
40FF000
stack
page read and write
44B1000
heap
page read and write
D44000
heap
page read and write
35AF000
stack
page read and write
F6B000
unkown
page execute and read and write
E02000
unkown
page execute and read and write
1D7C0000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
4B81000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
52FF000
stack
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
784000
heap
page read and write
D44000
heap
page read and write
DDE000
unkown
page execute and write copy
D44000
heap
page read and write
1D7A5000
heap
page read and write
D44000
heap
page read and write
FD0000
direct allocation
page read and write
1D7B5000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
770000
direct allocation
page read and write
5410000
direct allocation
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
DB8000
unkown
page execute and write copy
D45000
heap
page read and write
6B5B000
stack
page read and write
2EB0000
heap
page read and write
114E000
stack
page read and write
1D66D000
stack
page read and write
11F0000
direct allocation
page read and write
D44000
heap
page read and write
1343000
heap
page read and write
327F000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
39AF000
stack
page read and write
44B1000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
F8E000
unkown
page execute and read and write
1510000
direct allocation
page read and write
E14000
unkown
page execute and write copy
D44000
heap
page read and write
F54000
unkown
page execute and write copy
70C0000
heap
page read and write
6C9D000
stack
page read and write
4A80000
direct allocation
page execute and read and write
5110000
direct allocation
page execute and read and write
FFC000
unkown
page execute and read and write
44B1000
heap
page read and write
1335000
heap
page read and write
E34000
unkown
page execute and write copy
ECA000
unkown
page execute and write copy
4D81000
heap
page read and write
1D793000
heap
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
EBA000
unkown
page execute and write copy
BB0000
unkown
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
1D7A5000
heap
page read and write
784000
heap
page read and write
5390000
direct allocation
page execute and read and write
784000
heap
page read and write
D44000
heap
page read and write
386F000
stack
page read and write
FD0000
direct allocation
page read and write
4B81000
heap
page read and write
D44000
heap
page read and write
EBA000
unkown
page execute and write copy
D44000
heap
page read and write
D44000
heap
page read and write
3FFE000
stack
page read and write
1185000
heap
page read and write
466E000
stack
page read and write
D44000
heap
page read and write
1D7B2000
heap
page read and write
810000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
EB1000
unkown
page execute and read and write
47FE000
stack
page read and write
D44000
heap
page read and write
44B1000
heap
page read and write
D44000
heap
page read and write
4B81000
heap
page read and write
D44000
heap
page read and write
D84000
unkown
page execute and write copy
D44000
heap
page read and write
1260000
direct allocation
page read and write
1D7C0000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
784000
heap
page read and write
11F0000
direct allocation
page read and write
4B81000
heap
page read and write
770000
direct allocation
page read and write
D44000
heap
page read and write
1D7A5000
heap
page read and write
D44000
heap
page read and write
1283000
heap
page read and write
BA0000
heap
page read and write
D44000
heap
page read and write
FD0000
direct allocation
page read and write
D97000
unkown
page execute and read and write
DE0000
heap
page read and write
C1B000
unkown
page execute and read and write
770000
direct allocation
page read and write
D45000
heap
page read and write
337E000
stack
page read and write
2E2F000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
12D0000
heap
page read and write
86AE000
stack
page read and write
496B000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
519E000
stack
page read and write
413E000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
1510000
direct allocation
page read and write
B4B000
stack
page read and write
E34000
unkown
page execute and write copy
D44000
heap
page read and write
1D7A5000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
EB8000
unkown
page execute and read and write
E12000
unkown
page execute and read and write
1D79B000
heap
page read and write
D44000
heap
page read and write
49F0000
heap
page read and write
FD0000
direct allocation
page read and write
4B81000
heap
page read and write
D44000
heap
page read and write
280000
unkown
page read and write
770000
direct allocation
page read and write
784000
heap
page read and write
4B81000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
DAB000
unkown
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
4AC0000
direct allocation
page execute and read and write
1D78B000
heap
page read and write
100C000
unkown
page execute and read and write
D44000
heap
page read and write
DD4000
unkown
page execute and write copy
D44000
heap
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
EC9000
unkown
page execute and write copy
D44000
heap
page read and write
64CE000
stack
page read and write
2EFB000
stack
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
D80000
unkown
page readonly
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
2FAE000
stack
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
51A0000
direct allocation
page execute and read and write
D44000
heap
page read and write
397F000
stack
page read and write
42BF000
stack
page read and write
D44000
heap
page read and write
F8B000
unkown
page execute and write copy
1D78B000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
EAF000
unkown
page execute and write copy
D44000
heap
page read and write
C19000
unkown
page write copy
4C6E000
stack
page read and write
E44000
unkown
page execute and write copy
4B81000
heap
page read and write
D44000
heap
page read and write
50FE000
stack
page read and write
1530000
heap
page read and write
D45000
heap
page read and write
784000
heap
page read and write
D44000
heap
page read and write
44B1000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
35BF000
stack
page read and write
4B81000
heap
page read and write
4D6F000
stack
page read and write
D45000
heap
page read and write
E1E000
unkown
page execute and read and write
396F000
stack
page read and write
31FF000
stack
page read and write
34FF000
stack
page read and write
4B3E000
stack
page read and write
D44000
heap
page read and write
473F000
stack
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
784000
heap
page read and write
1D7A1000
heap
page read and write
515F000
stack
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
2EAF000
stack
page read and write
4AF0000
trusted library allocation
page read and write
D44000
heap
page read and write
E3C000
unkown
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
1D1DE000
stack
page read and write
DD6000
unkown
page execute and read and write
D44000
heap
page read and write
44B1000
heap
page read and write
D44000
heap
page read and write
4B81000
heap
page read and write
49FE000
stack
page read and write
61EB7000
direct allocation
page readonly
4AEF000
stack
page read and write
D44000
heap
page read and write
44B1000
heap
page read and write
5160000
direct allocation
page execute and read and write
D44000
heap
page read and write
49EE000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
784000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
35EE000
stack
page read and write
D44000
heap
page read and write
50AF000
stack
page read and write
D44000
heap
page read and write
3D6E000
stack
page read and write
387E000
stack
page read and write
D81000
unkown
page execute and read and write
784000
heap
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
4B81000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
2FFF000
stack
page read and write
1319000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
34AF000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
4C3F000
stack
page read and write
12CB000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
44FE000
stack
page read and write
6A28000
heap
page read and write
2AAE000
stack
page read and write
D44000
heap
page read and write
4B81000
heap
page read and write
75D000
unkown
page execute and read and write
1170000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
3D2F000
stack
page read and write
B8E000
stack
page read and write
44BE000
stack
page read and write
D44000
heap
page read and write
44B1000
heap
page read and write
D44000
heap
page read and write
1D792000
heap
page read and write
D44000
heap
page read and write
DA7000
unkown
page execute and write copy
D44000
heap
page read and write
3F0000
heap
page read and write
B00000
heap
page read and write
D44000
heap
page read and write
44B1000
heap
page read and write
770000
direct allocation
page read and write
D44000
heap
page read and write
FD0000
direct allocation
page read and write
D44000
heap
page read and write
1D7C0000
heap
page read and write
D44000
heap
page read and write
44EF000
stack
page read and write
D44000
heap
page read and write
1305000
heap
page read and write
784000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
6D6B000
stack
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D40000
heap
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
6C8CF000
unkown
page write copy
D44000
heap
page read and write
44B1000
heap
page read and write
3EFF000
stack
page read and write
44AF000
stack
page read and write
1D7A4000
heap
page read and write
1510000
direct allocation
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
3BEF000
stack
page read and write
DBB000
unkown
page execute and write copy
E12000
unkown
page execute and read and write
D44000
heap
page read and write
1D793000
heap
page read and write
4B81000
heap
page read and write
1005000
unkown
page execute and read and write
3DFE000
stack
page read and write
B90000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
44B1000
heap
page read and write
131D000
heap
page read and write
44B1000
heap
page read and write
D44000
heap
page read and write
1D79B000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
1260000
direct allocation
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
1D78B000
heap
page read and write
D44000
heap
page read and write
784000
heap
page read and write
D97000
unkown
page execute and read and write
4B81000
heap
page read and write
4B81000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
1260000
direct allocation
page read and write
D44000
heap
page read and write
1D7B2000
heap
page read and write
52ED000
stack
page read and write
EC9000
unkown
page execute and read and write
D45000
heap
page read and write
7F3000
heap
page read and write
129B000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
DE8000
unkown
page execute and read and write
D44000
heap
page read and write
E14000
unkown
page execute and write copy
E9E000
unkown
page execute and write copy
5030000
direct allocation
page execute and read and write
D44000
heap
page read and write
FD0000
direct allocation
page read and write
2A96C000
stack
page read and write
5050000
direct allocation
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
1358000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
784000
heap
page read and write
44B1000
heap
page read and write
D45000
heap
page read and write
E29000
unkown
page execute and read and write
11F0000
direct allocation
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
4EEE000
stack
page read and write
2DAE000
stack
page read and write
312E000
stack
page read and write
10F3000
stack
page read and write
D44000
heap
page read and write
239C1000
heap
page read and write
D44000
heap
page read and write
1287000
heap
page read and write
D44000
heap
page read and write
6346000
heap
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
4B81000
heap
page read and write
49AF000
stack
page read and write
D44000
heap
page read and write
E35000
unkown
page execute and read and write
FD0000
direct allocation
page read and write
B74000
heap
page read and write
7A0000
direct allocation
page read and write
38AE000
stack
page read and write
1D79F000
heap
page read and write
D44000
heap
page read and write
E36000
unkown
page execute and write copy
D44000
heap
page read and write
DAB000
unkown
page execute and read and write
135E000
heap
page read and write
156E000
heap
page read and write
44B1000
heap
page read and write
44C0000
heap
page read and write
D30000
heap
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
E03000
unkown
page execute and write copy
D44000
heap
page read and write
412F000
stack
page read and write
4B81000
heap
page read and write
12F6000
heap
page read and write
6C6DE000
unkown
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
3DBF000
stack
page read and write
1CF9E000
stack
page read and write
1333000
heap
page read and write
F8A000
unkown
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
C1B000
unkown
page execute and read and write
D44000
heap
page read and write
45EF000
stack
page read and write
33FE000
stack
page read and write
107F000
unkown
page execute and write copy
1D78B000
heap
page read and write
1D7BA000
heap
page read and write
322E000
stack
page read and write
D44000
heap
page read and write
D45000
heap
page read and write
D44000
heap
page read and write
D84000
unkown
page execute and write copy
D44000
heap
page read and write
D44000
heap
page read and write
23C59000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
3FEE000
stack
page read and write
E2C000
unkown
page execute and read and write
6340000
heap
page read and write
D44000
heap
page read and write
D44000
heap
page read and write
FB8000
unkown
page execute and read and write
D44000
heap
page read and write
D44000
heap
page read and write
443E000
stack
page read and write
D44000
heap
page read and write
E34000
unkown
page execute and write copy
D45000
heap
page read and write
There are 2330 hidden memdumps, click here to show them.